8 matches found
CVE-2025-65013
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...
CVE-2025-65013
LibreNMS (PHP/MySQL/SNMP-based network monitoring) contains a reflected XSS flaw in GET /maps/nodeimage via the Image Name parameter. The vulnerability allows arbitrary JavaScript execution in a victim’s browser when a crafted URL is visited. Details from multiple sources (including NVD/Red Hat/C...
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
GHSA-J8CQ-7F6P-256X LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...
PT-2025-47403
Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.11.0 Description LibreNMS, a PHP/MySQL/SNMP based network monitoring tool, contains a reflected cross-site scripting XSS issue. The /maps/nodeimage endpoint is vulnerable because the Image Name parameter is...
CVE-2016-10758
PHPKIT 1.6.6 allows arbitrary File Upload, as demonstrated by a .php file to pkinc/admin/mediaarchive.php and pkinc/func/default.php via the imagename parameter...