21 matches found
EUVD-2025-0095
Malicious code in bioql PyPI...
CVE-2024-52526
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This...
CVE-2024-8705
A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The manipulation leads to sql injection. The attac...
CVE-2021-45043
HD-Network Real-time Monitoring System 2.0 allows ../ directory traversal to read /etc/shadow via the /language/lang sLanguage parameter...
CVE-2024-56144
CVE-2024-56144 / Librenms: A stored XSS in the display parameter of the /device/$DEVICE_ID/edit endpoint affects Librenms up to version 24.11.0. The underlying issue is insufficient input sanitization that allows injected scripts to execute when users view or interact with the affected page. The ...
CVE-2025-23198 Stored-XSS-LibreNMS-Display-Name in librenms
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters Replace $DEVICEID with your specific $DEVICEID value:/device/$DEVICEID/edit - param: display. Librenms versions up to 24.10.1 allow remote attackers to inject...
CVE-2025-23199
CVE-2025-23199 describes a stored XSS in LibreNMS
CVE-2025-23200
CVE-2025-23200 affects LibreNMS (librenms/librenms) up to version 24.10.1, where a stored XSS is possible via the ajax_form.php parameter state . The root cause is unsanitized user input in the dynamic_override_config path, allowing injected scripts to execute when a page displaying affected data...
CVE-2025-23201
CVE-2025-23201 affects LibreNMS. The issue is a Cross-site Scripting (XSS) in the /addhost endpoint via the community parameter, impacting Librenms versions up to 24.10.1. The root cause is improper handling/escaping of user-supplied input in this parameter, enabling attackers to inject scripts t...
CVE-2024-51495 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwriteip" parameter when editing a device. This vulnerability results i...
CVE-2024-49764 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the "hostname" parameter when creating a new device. This...
CVE-2024-49758
CVE-2024-49758 affects LibreNMS (PHP/MySQL/SNMP). It is a stored XSS vulnerability where an Admin can inject JavaScript into a device’s Notes via the ExamplePlugin, which is triggered when the plugin is enabled. The issue stems from insufficient input sanitization and is mitigated by upgrading to...
CVE-2024-47527
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name "hostname" parameter. This vulnerability can lead to t...
CVE-2024-47526 LibreNMS has a Self-XSS ('Cross-site Scripting') in librenms/includes/html/modal/alert_template.inc.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting Self-XSS vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not...
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting XSS can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload...
CVE-2024-47528 LibreNMS Contains a Stored XSS via File Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting XSS can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload...
Unspecified Vulnerability in LibreNMS
LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of the network environment and automatic updates. A security vulnerability exists in LibreNMS versions prior to 22.10.0, which stems fro...
LibreNMS 代码问题漏洞
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments, and automatic updates.LibreNMS versions prior to 22.10.0 have a security vulnerability that stems from insufficient sessi...
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2022-66503)
LibreNMS is a PHP and MySQL based open source network monitoring system from the LibreNMS community. The system features custom alerts, auto-discovery of network environments and automatic updates.LibreNMS v22.3.0 version contains a cross-site scripting vulnerability that originates from the...
Librenms Cross-Site Scripting Vulnerability (CNVD-2022-15529)
Librenms is a PHP and MySQL based open source network monitoring system from the Librenms community. The system features custom alerts, auto-discovery of network environments and automatic updates.Librenms suffers from a cross-site scripting vulnerability that stems from the lack of proper...