Cross-site Scripting (XSS)

librenms/librenms is vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper filtering in the reportthis function in librenms/includes/functions.php, specifically incorrect use of htmlentities in an href context, which allows an attacker to inject malicious script v...

CVE-2025-62365

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in reportthis function in librenms/includes/functions.php. The reportthis function had improper filtering htmlentities function was incorrectly use in a href environment, which...

LibreNMS is vulnerable to Reflected-XSS in `report_this` function

Summary Reflected-XSS in reportthis function in librenms/includes/functions.php Details Recently, it was discovered that the reportthis function had improper filtering htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...

CVE-2025-62365

CVE-2025-62365 affects LibreNMS (LibreNMS/librenms) prior to version 25.7.0. The vulnerability is a reflected XSS in the function report_this (librenms/includes/functions.php) caused by improper filtering of user input, specifically the incorrect use of htmlentities in a href context, which allow...

CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in reportthis function in librenms/includes/functions.php. The reportthis function had improper filtering htmlentities function was incorrectly use in a href environment, which...

CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in reportthis function in librenms/includes/functions.php. The reportthis function had improper filtering htmlentities function was incorrectly use in a href environment, which...

EUVD-2025-34114

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in reportthis function in librenms/includes/functions.php. The reportthis function had improper filtering htmlentities function was incorrectly use in a href environment, which...

PT-2025-41825

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 25.7.0 Description LibreNMS, an open-source network monitoring system, contains a reflected cross-site scripting XSS issue. The report this function within librenms/includes/functions.php exhibits improper filtering ...

LibreNMS 跨站脚本漏洞

LibreNMS is an open source network monitoring system based on PHP and MySQL from the LibreNMS community. The system features customizable alerts, auto-discovery of network environments, and automatic updates. A cross-site scripting vulnerability exists in LibreNMS versions prior to 25.7.0, which...

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the section parameter on the "logs" tab, due to a lack of sanitization in the reportthis...