4 matches found
Cross-site Scripting (XSS)
Overview: librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the community parameter at the /addhost endpoint. Details: Cross-site scripting or XSS is...
PT-2025-4843 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.10.1. Description: The issue concerns Cross-site Scripting (XSS) in the /addhost API endpoint, specifically in the community parameter. This allows remote attackers to inject malicious scripts, which execute when a use...
LibreNMS arbitrary OS commands execution
LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $_POST['community'] parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajax_output.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...
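Apache CloudStack Local Information Disclosure Vulnerability
BUGTRAQ ID: 57259 CVECAN ID: CVE-2012-5616 Apache CloudStack is open-source software for deploying and managing large networks of virtual machines. Apache CloudStack 4.0.0-incubating and other versions contain security vulnerabilities that local users can exploit to disclose sensitive information. 1) An error exists in the createSSHKeyPair API command: it stores newly created SSH keys in log files, which can lead to key disclosure. 2) The AddHost API call records certain information in log files, which can disclose the passwords of added hosts. 3) DeployVM and ResetPasswordForVM...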