2 matches found
CVE-2025-23200 Stored XSS-LibreNMS-Misc Section in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajaxform.php - param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page...
CVE-2025-23200
CVE-2025-23200 affects LibreNMS (librenms/librenms) up to version 24.10.1, where a stored XSS is possible via the ajax_form.php parameter state . The root cause is unsanitized user input in the dynamic_override_config path, allowing injected scripts to execute when a page displaying affected data...