) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:librenms:librenms:1.59:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2022-3231 |
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. Published: September 17, 2022; 1:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0:(not available) |
| CVE-2022-0772 |
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. Published: February 27, 2022; 5:15:07 PM -0500 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0589 |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. Published: February 15, 2022; 4:15:06 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2022-0588 |
Missing Authorization in Packagist librenms/librenms prior to 22.2.0. Published: February 15, 2022; 3:15:07 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0587 |
Improper Authorization in Packagist librenms/librenms prior to 22.2.0. Published: February 15, 2022; 3:15:07 AM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2022-0580 |
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. Published: February 14, 2022; 6:15:07 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2022-0576 |
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. Published: February 14, 2022; 7:15:23 AM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2022-0575 |
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. Published: February 14, 2022; 7:15:23 AM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2021-43324 |
LibreNMS through 21.10.2 allows XSS via a widget title. Published: November 03, 2021; 11:15:07 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-31274 |
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed. Published: September 08, 2021; 2:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2020-35700 |
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. Published: February 08, 2021; 4:15:12 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-15877 |
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. Published: July 21, 2020; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2020-15873 |
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. Published: July 21, 2020; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |