Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.8 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.8CVSS5.5AI score0.00225EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/18 5:0 p.m.5 views

EUVD-2026-21907

LibreNMS: Cross-Site Scripting in ShowConfigController...

4.8CVSS5.8AI score0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/05/18 5:0 p.m.5 views

GHSA-5GM9-622F-QCG5 LibreNMS: Cross-Site Scripting in ShowConfigController

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...

3.5CVSS6.2AI score0.00225EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/18 5:0 p.m.22 views

LibreNMS: Cross-Site Scripting in ShowConfigController

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the rancidrepourl configuration value. When a user navigates to a device's configuration page, this unsanitised...

4.8CVSS6.2AI score0.00225EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2026/04/18 5:34 a.m.15 views

LibreNMS: Cross-Site Scripting In ShowConfigController

Summary A Stored Cross-Site Scripting XSS vulnerability exists in the ShowConfig page of devices affected by the RANCID Integration settings. The application fails to properly sanitise the "rancidrepourl" configuration value. When a user navigates to a device's configuration page, this unsanitise...

4.8CVSS6.2AI score0.00225EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/13 12:31 p.m.10 views

Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gm9-622f-qcg5. This link is maintained to preserve external references. Original Description LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig...

4.8CVSS5.8AI score0.00225EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/13 12:31 p.m.2 views

GHSA-RP7W-624X-95QV Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-5gm9-622f-qcg5. This link is maintained to preserve external references. Original Description LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig...

4.8CVSS5.8AI score0.00225EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/13 12:10 p.m.3 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showconfig page when administrative privileges are present. An attacker can execute...

4.8CVSS5.8AI score0.00225EPSS
Exploits1References2
NVD
NVD
added 2026/04/13 11:16 a.m.6 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.8CVSS0.00225EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/13 10:39 a.m.2 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.6CVSS5.8AI score0.00225EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/13 10:39 a.m.3 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.6CVSS5.8AI score0.00225EPSS
Exploits1References1
CVE
CVE
added 2026/04/13 10:39 a.m.11 views

CVE-2026-2728

CVE-2026-2728 affects LibreNMS before 26.3.0. The issue is an authenticated Cross-site Scripting (XSS) vulnerability on the showconfig page, exploitable by users with administrative privileges. Successful exploitation could trigger XSS attacks against other users with access to the page. CVSS met...

4.8CVSS5.8AI score0.00225EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/13 10:39 a.m.34 views

CVE-2026-2728

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page...

4.6CVSS0.00225EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.5 views

PT-2026-32330

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 26.3.0 Description An authenticated Cross-site Scripting issue exists on the 'showconfig' page. An attacker with administrative privileges can execute scripts that target other users who access the same page...

4.8CVSS5.9AI score0.00225EPSS
Exploits1References9
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.9 views

LibreNMS 安全漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.3.0 contained security vulnerabilities; these...

4.8CVSS5.7AI score0.00225EPSS
Exploits1References1
OSV
OSV
added 2022/07/18 1:15 p.m.5 views

CVE-2022-30620

On Cellinx Camera with guest enabled, attacker with web access can elevate privileges to administrative: "1" to "0" privileges by changing the following cookie values from "isadmin", "showConfig". Administrative Privileges which allows changing various configuration in the camera...

8.8CVSS5.8AI score0.0045EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/07/18 12:0 a.m.5 views

PT-2022-20213 · Cellinx · Cellinx Camera

Name of the Vulnerable Software and Affected Versions: Cellinx Camera affected versions not specified Description: The issue allows an attacker with web access to elevate privileges from guest to administrative by modifying specific cookie values, including is admin and showConfig, enabling chang...

8.8CVSS8.5AI score0.0045EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/12/03 12:0 a.m.7 views

Librenms 路径遍历漏洞

Librenms is a Librenms community of open source network monitoring system based on PHP and MySQL. The system features custom alerts, automatic discovery of network environments and automatic updates.Librenms suffers from a path traversal vulnerability that stems from Librenms 21.11.0 being affect...

9.8CVSS5.5AI score0.01435EPSS
Exploits2References2
Rows per page
Query Builder