Lucene search
K

9 matches found

NVD
NVD
added 2026/02/20 3:15 a.m.6 views

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...

5.1CVSS0.00216EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/20 2:26 a.m.4 views

CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/20 2:26 a.m.27 views

CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

5.1CVSS0.00216EPSS
Exploits1References4
OSV
OSV
added 2026/02/20 2:26 a.m.6 views

CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a port group, an HTTP POST request is sen...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/20 2:21 a.m.6 views

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device group name is not sanitized, allowing attackers with admin privileges to perform Stored Cross-Site Scripting XSS attacks. When a user adds a device group, an HTTP POST request is...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/02/20 2:21 a.m.18 views

CVE-2026-26991

LibreNMS (versions 26.1.1 and earlier) is vulnerable to Stored Cross‑Site Scripting via the /device-groups name parameter when an admin user creates a device group. The unsanitized name can be stored and later rendered in the UI (e.g., Delete button context), enabling injected JavaScript. The iss...

5.1CVSS5.5AI score0.00216EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/20 1:34 a.m.5 views

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulnerable to Stored XSS via the unit parameter in Custom OID. The Custom OID functionality lacks striptags sanitization while other fields name, oid, datatype are sanitized. The...

5.4CVSS5.4AI score0.00227EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.9 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...

5.1CVSS5.7AI score0.00216EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/02/20 12:0 a.m.20 views

LibreNMS 跨站脚本漏洞

LibreNMS is an open-source network monitoring system developed by the LibreNMS community, based on PHP and MySQL. This system features custom alerts, automatic discovery of networks, and automatic updates. Versions of LibreNMS prior to 26.1.1 contained a cross-site scripting vulnerability. This...

5.1CVSS5.7AI score0.00216EPSS
Exploits1References4
Rows per page
Query Builder