15 matches found
CVE-2026-27016
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields (name, oid, datatype) are sanitized. The...
CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring DSM extension configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...
CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS by users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...
EUVD-2025-36202
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...
Centreon Security Vulnerability
Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...
CVE-2025-54891
The CVE-2025-54891 issue is an XSS vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) caused by Improper Neutralization of Input During Web Page Generation. Affected versions are Centreon Infra Monitoring 23.10.0–23.10.28, 24.04.0–24.04.18, and 24.10.0–24.10.13...
CVE-2025-54889 A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring SNMP traps manufacturer configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13...
CVE-2025-4650
A user with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...
CVE-2024-51497
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...
PT-2024-35746 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions 24.9.0 through 24.10.0 Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...
CVE-2024-51495
CVE-2024-51495 (LibreNMS) is a stored XSS vulnerability in the Device Overview page via the overwrite_ip parameter, exploited when editing a device. The root cause is improper sanitization in librenms/includes/html/dev-overview-data.inc.php, allowing authenticated users to inject JavaScript that ...
CVE-2024-49764
CVE-2024-49764 affects LibreNMS (librenms/librenms) with a Stored XSS in the Capture Debug Information page, exploitable via the hostname parameter when creating a new device. The underlying issue is improper sanitization of the output that can execute arbitrary JavaScript in authenticated users’...
PT-2024-33669 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the bill name parameter when creating a new bil...
PT-2024-34159
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the name parameter when creating a new Port Group...
PT-2024-34660 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the metric parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript, potentially compromising a...