Shodan
Vulnerabilities
Vulnerable Software
Librenms:  >> Librenms  Security Vulnerabilities
CVE-2022-0576
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
CVE-2021-44278
Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2021-12-03
CVE-2021-44277
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-12-01
CVE-2021-44279
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-12-01
CVE-2021-43324
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-11-03
CVE-2021-31274
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-09-08
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-02-08
CVE-2020-15873
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS Score
6.5
EPSS Score
0.007
Published
2020-07-21
CVE-2020-15877
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS Score
8.8
EPSS Score
0.0
Published
2020-07-21
CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these contexts, leading to attacker controlled JavaScript executing in the browser. One example of this is the string parameter in html/pages/inventory.inc.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2019-09-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved