5 matches found
CVE-2025-55296 LibreNMS allows stored XSS in Alert Template name field
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting XSS vulnerability exists in LibreNMS = 25.6.0 in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template...
Cross Site Scripting(XSS)
librenms/librenms is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper input validation in the "Alert Rules" feature, where the "Title" field does not properly sanitize user input, allowing the injection of arbitrary JavaScript...
CVE-2024-47526
LibreNMS is affected by a Self-XSS in the Alert Templates feature. The vulnerability stems from insufficient sanitization of the template name before rendering in the UI, allowing arbitrary JavaScript to execute during template creation. The in-page script runs at submission time but does not per...
Contact List < 2.9.42 - Reflected Cross-Site Scripting
The plugin does not escape the cardheight parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting issue https://example.com/wp-admin/edit.php?posttype=contact&page=contact-list-printable&cardheight="alert/XSS/...
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
MyBB Plugin Recent Threads On Index - Cross-Site Scripting Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads i...