13 matches found
Reflected Cross-Site Scripting (XSS)
librenms/librenms is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper output encoding of the Image Name parameter in the /maps/nodeimage endpoint, which allows an attacker to craft a malicious URL that executes arbitrary JavaScript in a victim’s browser when...
CVE-2025-65013
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Image Name parameter in the /maps/nodeimage endpoint. An attacker can execute...
CVE-2025-65013
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
EUVD-2025-198061
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
CVE-2025-65013
LibreNMS (PHP/MySQL/SNMP-based network monitoring) contains a reflected XSS flaw in GET /maps/nodeimage via the Image Name parameter. The vulnerability allows arbitrary JavaScript execution in a victim’s browser when a crafted URL is visited. Details from multiple sources (including NVD/Red Hat/C...
CVE-2025-65013 LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without...
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...
GHSA-J8CQ-7F6P-256X LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
Summary A Reflected Cross-Site Scripting XSS vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited ...
LibreNMS 跨站脚本漏洞
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.11.0, which...
PT-2025-47403
Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.11.0 Description LibreNMS, a PHP/MySQL/SNMP based network monitoring tool, contains a reflected cross-site scripting XSS issue. The /maps/nodeimage endpoint is vulnerable because the Image Name parameter is...