Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3033

Malicious code in bioql PyPI...

7.2CVSS6.3AI score0.00507EPSS
Exploits1References4
OSV
OSV
added 2025/04/15 10:15 p.m.7 views

CVE-2025-31654

An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...

6.9CVSS5.9AI score0.00264EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 9:7 p.m.9 views

CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...

6.9CVSS5.7AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:25 a.m.9 views

CVE-2024-47524

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...

7.2CVSS6.9AI score0.00507EPSS
Exploits1References1
Veracode
Veracode
added 2024/10/04 4:42 a.m.9 views

Cross Site Scripting(XSS)

librenms/librenms is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to improper input sanitization in the Device Groups name, allowing JavaScript code to be executed when the details of the Device Group are viewed...

7.2CVSS6.7AI score0.00507EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/01 8:31 p.m.6 views

GHSA-FC38-2254-48G7 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Devic...

8.6CVSS6.1AI score0.00507EPSS
Exploits1References4
CVE
CVE
added 2024/10/01 8:30 p.m.45 views

CVE-2024-47524

Summary of CVE-2024-47524 (LibreNMS) : The vulnerability affects LibreNMS where an Admin can create a Device Group and the input is not properly sanitized in the Device Group name. As a result, viewing the Device Group detail can trigger injected JavaScript, i.e., a stored XSS vulnerability. This...

7.2CVSS5.9AI score0.00507EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/10/01 8:30 p.m.17 views

CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...

7.2CVSS6.7AI score0.00507EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.4 views

PT-2024-32639 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: The application fails to properly sanitize user input in the Device Groups name, allowing an attacker to execute malicious JavaScript code when a user views the details of the Device Group. This...

8.6CVSS7.2AI score0.00507EPSS
Exploits1References9
Cvelist
Cvelist
added 2023/12/14 4:5 p.m.21 views

CVE-2023-6365 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups

In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting XSS vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...

7.6CVSS6.8AI score0.00513EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2023/11/17 9:51 p.m.22 views

LibreNMS Cross-site Scripting at Device groups Deletion feature

Summary XSS attacks occurs when application is not sanitising inputs properly and rendering the code from user input to browser which could allow an attacker to execute malicious javascript code. PoC 1. Login 2. Create a device group in /device-groups 3. Name it as " 4. save it 5. Go to services...

6.3CVSS6.2AI score0.00562EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2023/11/17 9:6 p.m.10 views

CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting XSS vulnerability in the device group popups. This issue has been addressed in commit...

6.3CVSS5.9AI score0.00562EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/11/17 9:6 p.m.34 views

CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting XSS vulnerability in the device group popups. This issue has been addressed in commit...

6.3CVSS6.2AI score0.00562EPSS
Exploits0References3
Huntr
Huntr
added 2022/09/21 6:20 p.m.14 views

Stored Cross-Site Scripting (XSS)

Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Ports - Manage Groups 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description 4. The XSS is triggered...

4.3CVSS0.8AI score0.93343EPSS
Exploits0
Rows per page
Query Builder