Cross Site Scripting(XSS)

LibreNMS is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the lack of proper validation and sanitization of user-uploaded SVG files, allowing users with the "admin" role to upload these files as backgrounds for custom maps without sufficient security checks, which enables...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Set Background option in the Manage Custom Maps section, by uploading a malicious SV...

Metabase Information Disclosure Vulnerability

Metabase is an open source data analysis platform from Metabase, Inc. An information disclosure vulnerability exists in Metabase, which stems from a lack of permission validation in the product's admin-settings-maps-custom maps-add a map operation. An attacker could obtain sensitive information...

CVE-2021-41277 GeoJSON URL validation can expose server files and environment variables to unauthorized users

Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map admin-settings-maps-custom maps-add a map support and potential local file inclusion including environment variables. URLs were not validated prior to being...

Metabase 路径遍历漏洞

Metabase is an open source data analysis platform from Metabase, Inc. An information disclosure vulnerability exists in Metabase, which stems from a lack of permission validation in the product's admin-settings-maps-custom maps-add a map operation. An attacker could obtain sensitive information...