CVE-2020-13118

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in checkcommunity.php via the parameter community...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the community parameter at the /addhost endpoint. Details Cross-site scripting or XSS is...

Librenms has a reflected XSS on error alert

XSS on the parameters:/addhost - param: community of Librenms versions 24.10.1 https://github.com/librenms/librenms allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potentia...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS 24.10.1 and earlier versions,...

PT-2025-4843 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: Librenms versions up to 24.10.1 Description: The issue concerns Cross-site Scripting XSS in the /addhost API endpoint, specifically in the community parameter. This allows remote attackers to inject malicious scripts, which execute when a use...

LibreNMS arbitrary OS commands execution

LibreNMS 1.46 allows remote attackers to execute arbitrary OS commands by using the $POST'community' parameter to html/pages/addhost.inc.php during creation of a new device, and then making a /ajaxoutput.php?id=capture&format=text&type=snmpwalk&hostname=localhost request that triggers...