34 matches found
EUVD-2024-3033
Malicious code in bioql PyPI...
CVE-2025-31654
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
CVE-2025-31654 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An attacker can get information about the groups of the smart home devices for arbitrary users i.e., "rooms"...
CVE-2024-47524
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...
Cross Site Scripting(XSS)
librenms/librenms is vulnerable to Cross Site ScriptingXSS. The vulnerability is due to improper input sanitization in the Device Groups name, allowing JavaScript code to be executed when the details of the Device Group are viewed...
GHSA-FC38-2254-48G7 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Summary The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code. Details User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Devic...
CVE-2024-47524
Summary of CVE-2024-47524 (LibreNMS) : The vulnerability affects LibreNMS where an Admin can create a Device Group and the input is not properly sanitized in the Device Group name. As a result, viewing the Device Group detail can trigger injected JavaScript, i.e., a stored XSS vulnerability. This...
CVE-2024-47524 LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of...
PT-2024-32639 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: The application fails to properly sanitize user input in the Device Groups name, allowing an attacker to execute malicious JavaScript code when a user views the details of the Device Group. This...
CVE-2023-6365 WhatsUp Gold Stored Cross-Site Scripting (XSS) via Device Groups
In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting XSS vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within a device group. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be...
LibreNMS Cross-site Scripting at Device groups Deletion feature
Summary XSS attacks occurs when application is not sanitising inputs properly and rendering the code from user input to browser which could allow an attacker to execute malicious javascript code. PoC 1. Login 2. Create a device group in /device-groups 3. Name it as " 4. save it 5. Go to services...
CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting XSS vulnerability in the device group popups. This issue has been addressed in commit...
CVE-2023-48295 Cross-site Scripting at Device groups Deletion feature in LibreNMS
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting XSS vulnerability in the device group popups. This issue has been addressed in commit...
Stored Cross-Site Scripting (XSS)
Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Ports - Manage Groups 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description 4. The XSS is triggered...