56 matches found
Stored Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the alert rule name in the Alert Rule API, which allows an attacker to inject malicious HTML code when creating or updating alert rules via the API...
CVE-2026-26989
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
CVE-2026-26989
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
CVE-2026-26989
LibreNMS contains a Stored XSS in the Alert Rules workflow in versions 25.12.0 and earlier, due to vulnerable code in alert_rule_list.inc.php. The underlying issue is that admin users can inject scripts that execute in other users’ browsers when viewing the Alert Rules page. Impact is limited to ...
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
CVE-2026-26989
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
LibreNMS 跨站脚本漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 25.12.0 contained a cross-site scripting vulnerability. This...
PT-2026-20904
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by a Stored Cross-Site Scripting XSS vulnerability in the Alert Rules workflow. An attacker with administrative privileges can inject malicious scripts that execute in the browser...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the alertrulelist.inc.php process. An attacker can execute arbitrary JavaScript code in...
LibreNMS has a Stored XSS in Alert Rule
Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...
GHSA-6XMX-XR9P-58P7 LibreNMS has a Stored XSS in Alert Rule
Summary A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS " . e$ruledisplay . " PoC Request PoC: POST /alert-rule HTTP/1.1 Host: 192.168.236.131 User-Agent: Mozilla/5.0 X11; Linux x8664; rv:140.0 Gecko/20100101 Firefox/140.0 Accept: application/json, text/javascript, /; q=0.01...
CVE-2025-68614
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject...
HTML Injection
librenms/librenms is vulnerable to HTML injection. The vulnerability is due to improper sanitization of the alert rule name in the Alerts Alert Rules page, which allows an attacker to inject and execute arbitrary HTML code...
CVE-2025-62412
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0...
CVE-2025-62411
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS = 25.8.0 contains a Stored Cross-Site Scripting XSS vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored a...
GHSA-6G2V-66CH-6XMH LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
Executive Summary Product: LibreNMS Vendor: LibreNMS Vulnerability Type: Cross-Site Scripting XSS CVSS Score: 4.3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Version: 25.8.0 latest at time of discovery POC File: Download POC Ticket: ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting...
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
Executive Summary Product: LibreNMS Vendor: LibreNMS Vulnerability Type: Cross-Site Scripting XSS CVSS Score: 4.3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Version: 25.8.0 latest at time of discovery POC File: Download POC Ticket: ZDI-CAN-28105: LibreNMS Alert Rules Cross-Site Scripting...
EUVD-2025-34819
LibreNMS alert-rules has a Cross-Site Scripting Vulnerability...