16 matches found
CVE-2026-27016
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...
CVE-2026-27016
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...
CVE-2026-27016
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...
CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...
CVE-2026-27016
LibreNMS (versions 24.10.0–26.1.1) contains a Stored XSS in the Custom OID unit field due to missing strip_tags() sanitization (unit is taken from POST without sanitization; other fields are sanitized). The unsanitized value is stored and rendered without HTML escaping in device graphs, enabling ...
CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags()
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...
LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...
GHSA-FQX6-693C-F55G LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
Summary The unit parameter in Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The unsanitized value is stored in the database and rendered without HTML escaping, allowing Stored XSS. Details Vulnerable Input Processing...
EUVD-2024-3257
Malicious code in bioql PyPI...
CVE-2024-51497
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of the "unit" parameter in the "Custom OID" tab, allowing authenticated users to inject arbitrary JavaScript when creating a new OID...
CVE-2024-51497
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
CVE-2024-51497 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
CVE-2024-51497 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
CVE-2024-51497 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
PT-2024-34661
Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 24.10.0 Description A Stored Cross-Site Scripting XSS vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the unit parameter when creating a new OID. Th...