
13 matches found

Veracode
added 2025/12/13 6:55 a.m., 4 views

Reflected Cross-Site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting (XSS). The vulnerability is due to improper output encoding of the Image Name parameter in the /maps/nodeimage endpoint, which allows an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser when...

6.2 CVSS, 5.7 AI score, 0.00002 EPSS
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/11/19 11:14 p.m., 5 views

CVE-2025-65013

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2 CVSS, 5.9 AI score, 0.00002 EPSS
Exploits 0, References 1
Snyk
added 2025/11/18 11:25 p.m., 6 views

Cross-site Scripting (XSS)

Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...

8.2 CVSS, 5.4 AI score, 0.00002 EPSS
Exploits 0, References 2
NVD
added 2025/11/18 11:15 p.m., 5 views

CVE-2025-65013

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2 CVSS, 0.00002 EPSS
Exploits 0, References 1
OSV
added 2025/11/18 11:1 p.m., 2 views

CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2 CVSS, 5.8 AI score, 0.00002 EPSS
Exploits 0, References 3
CVE
added 2025/11/18 11:1 p.m., 4 views

CVE-2025-65013

LibreNMS (PHP/MySQL/SNMP-based network monitoring) contains a reflected XSS flaw in GET /maps/nodeimage via the Image Name parameter. The vulnerability allows arbitrary JavaScript execution in a victim’s browser when a crafted URL is visited. Details from multiple sources (including NVD/Red Hat/C...

6.2 CVSS, 5.5 AI score, 0.00002 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/11/18 11:1 p.m., 1 views

CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...

6.2 CVSS, 5.5 AI score, 0.00002 EPSS
Exploits 0, References 1
Github Security Blog
added 2025/11/18 6:21 p.m., 9 views

LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

6.2 CVSS, 5.5 AI score, 0.00002 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2025/11/18 6:21 p.m., 3 views

GHSA-J8CQ-7F6P-256X LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

Summary: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...

6.2 CVSS, 5.5 AI score, 0.00002 EPSS
Exploits 0, References 3
Positive Technologies
added 2025/11/18 12:0 a.m., 2 views

PT-2025-47403

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 25.11.0. Description: LibreNMS, a PHP/MySQL/SNMP based network monitoring tool, contains a reflected cross-site scripting (XSS) issue. The /maps/nodeimage endpoint is vulnerable because the Image Name parameter is...

6.2 CVSS, 5.9 AI score, 0.00002 EPSS
Exploits 0, References 6
OSV
added 2024/04/01 4:15 p.m., 0 views

CVE-2024-3129

A vulnerability was found in SourceCodester Image Accordion Gallery App 1.0. It has been classified as critical. This affects an unknown part of the file /endpoint/add-image.php. The manipulation of the argument imagename leads to unrestricted upload. It is possible to initiate the attack remotel...

6.3 CVSS, 5.4 AI score, 0.00079 EPSS
Exploits 1, References 4
CNNVD
added 2024/04/01 12:0 a.m., 1 views

SourceCodester Image Accordion Gallery App Security Vulnerability

The SourceCodester Image Accordion Gallery App is an elegant solution for seamlessly displaying and managing collections of images. A security vulnerability exists in the SourceCodester Image Accordion Gallery App version 1.0, which stems from an unknown section in endpoint/add-image.php that...

6.5 CVSS, 6.6 AI score, 0.00079 EPSS
Exploits 1, References 5
OSV
added 2019/05/24 6:29 p.m., 3 views

CVE-2016-10758

PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the imagename parameter...

8.8 CVSS, 5.9 AI score, 0.00401 EPSS
Exploits 1, References 2