Librenms: >> Librenms >> 1.20.1 Security Vulnerabilities
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-02-15
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-02-15
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-02-14
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-11-03
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-09-08
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-02-08
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS Score
6.5
EPSS Score
0.007
Published
2020-07-21
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-07-21