Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
5.4CVSS
5.6AI Score
0.0004EPSS
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
5.4CVSS
5.5AI Score
0.0004EPSS
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
6.1CVSS
6.2AI Score
0.0005EPSS
6.5CVSS
6.9AI Score
0.0005EPSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an atta...
7.1CVSS
7.7AI Score
0.0004EPSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.
7.1CVSS
6.4AI Score
0.0004EPSS
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Versions prior to 24.4.0 are vulnerable to SQL injection. The order parameter is obtained from $request. After performing a string check, the value is directly incorporated into an SQL statement and concatenated, resulting ...
7.2CVSS
7.8AI Score
0.0004EPSS