9 matches found
CVE-2026-26992
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
CVE-2026-26992
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the name parameter in the HTTP POST request to /port-groups. An attacker with admin...
LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting
Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...
PT-2026-20789
Name of the Vulnerable Software and Affected Versions LibreNMS versions 26.1.1 and below Description LibreNMS is a network monitoring tool. A stored cross-site scripting XSS issue exists due to insufficient sanitization of the port group name. An attacker with administrator privileges can inject...
Improper Access Control in librenms/librenms
Description Improper Access Control vulnerability in LibreNMS v22.1.0 allows attackers with the normal role/level to interact with port-groups functionality such as create, edit/modify and delete the existing port group. The port-groups functionality fails to enforce policy such that normal users...