15 matches found
CVE-2026-26992
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992
Summary: CVE-2026-26992 affects LibreNMS up to version 26.1.1, where the port group name is not sanitized during creation via POST to /port-groups, enabling stored XSS when an admin creates a port group. The issue stems from unsanitized input in the name parameter, which is later rendered in the ...
LibreNMS 跨站脚本漏洞
LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...
GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
CVE-2024-50350
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
CVE-2024-50350 LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results...
GHSA-XH4G-C9P6-5JXG LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is...
PT-2024-34159
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the name parameter when creating a new Port Group...
CVE-2024-44934 net: bridge: mcast: wait for previous gc cycles when removing port
In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free1 which is caused because the bridge doesn't make sure that all previous garbage has been collected when removing a port. What happens...
Stored Cross-Site Scripting (XSS)
Description There is insufficient input validation in the pop-up notifications. Proof of Concept Steps to reproduce: 1. Log in to an admin account 2. Click on Ports - Manage Groups 3. Create a new Port Group with the Name alertdocument.location and an arbitrary Description 4. The XSS is triggered...