15 matches found

ATTACKERKB
added 2026/02/20 1:34 a.m. · 5 views

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields (name, oid, datatype) are sanitized. The...

5.4 CVSS · 5.4 AI score · 0.00227 EPSS
Exploits 0 · References 5 · Affected Software 1

Vulnrichment
added 2026/01/05 2:5 p.m. · 6 views

CVE-2025-12511 A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring DSM extension configuration modules allows Stored XSS by a user with elevated privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.1, from 24.10...

6.8 CVSS · 5.1 AI score · 0.00163 EPSS
Exploits 0 · References 2

Vulnrichment
added 2026/01/05 1:43 p.m. · 5 views

CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...

6.8 CVSS · 5.2 AI score · 0.00163 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/27 6:31 p.m. · 12 views

EUVD-2025-36202

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Services Meta-services modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.9, from 24.04.0...

6.2 CVSS · 5 AI score · 0.00191 EPSS
Exploits 0 · References 2

CNNVD
added 2025/10/27 12:0 a.m. · 7 views

Centreon security vulnerability

Centreon is a set of open source system monitoring tools from the French company Centreon. The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in Centreon that stems from improperly set default permissions, which could lead ...

8.4 CVSS · 6.4 AI score · 0.00378 EPSS
Exploits 0 · References 2

CVE
added 2025/10/14 3:7 p.m. · 13 views

CVE-2025-54891

The CVE-2025-54891 issue is an XSS vulnerability in Centreon Infra Monitoring (ACL Resource access configuration modules) caused by Improper Neutralization of Input During Web Page Generation. Affected versions are Centreon Infra Monitoring 23.10.0–23.10.28, 24.04.0–24.04.18, and 24.10.0–24.10.13...

6.8 CVSS · 5.6 AI score · 0.00235 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2025/10/14 2:54 p.m. · 3 views

CVE-2025-54889 A user with elevated privileges can inject XSS in the SNMP traps manufacturer configuration page

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring SNMP traps manufacturer configuration modules allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.13...

6.8 CVSS · 5.1 AI score · 0.00235 EPSS
Exploits 0 · References 2

NVD
added 2025/08/22 7:15 p.m. · 5 views

CVE-2025-4650

A user with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26...

7.2 CVSS · 0.00381 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/05/23 8:4 a.m. · 15 views

CVE-2024-51497

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can le...

5.4 CVSS · 5.1 AI score · 0.00396 EPSS
Exploits 1

Positive Technologies
added 2024/12/05 12:0 a.m. · 5 views

PT-2024-35746 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions 24.9.0 through 24.10.0
Description: A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the...

5.5 CVSS · 5.8 AI score · 0.42464 EPSS
Exploits 1 · References 13

CVE
added 2024/11/15 3:44 p.m. · 54 views

CVE-2024-51495

CVE-2024-51495 (LibreNMS) is a stored XSS vulnerability in the Device Overview page via the overwrite_ip parameter, exploited when editing a device. The root cause is improper sanitization in librenms/includes/html/dev-overview-data.inc.php, allowing authenticated users to inject JavaScript that ...

5.4 CVSS · 4.9 AI score · 0.00396 EPSS
Exploits 1 · References 2 · Affected Software 1

CVE
added 2024/11/15 3:27 p.m. · 60 views

CVE-2024-49764

CVE-2024-49764 affects LibreNMS (librenms/librenms) with a Stored XSS in the Capture Debug Information page, exploitable via the hostname parameter when creating a new device. The underlying issue is improper sanitization of the output that can execute arbitrary JavaScript in authenticated users’...

5.4 CVSS · 4.9 AI score · 0.00381 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2024/11/15 12:0 a.m. · 4 views

PT-2024-33669 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0
Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the bill name parameter when creating a new bil...

5.4 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits 1 · References 10

Positive Technologies
added 2024/11/15 12:0 a.m. · 6 views

PT-2024-34159

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0
Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the name parameter when creating a new Port Group...

5.4 CVSS · 5.8 AI score · 0.00381 EPSS
Exploits 1 · References 13

Positive Technologies
added 2024/11/15 12:0 a.m. · 6 views

PT-2024-34660 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0
Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the metric parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript, potentially compromising a...

5.4 CVSS · 6 AI score · 0.00403 EPSS
Exploits 1 · References 9