Librenms: >> Librenms Security Vulnerabilities
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
CVSS Score
7.6
EPSS Score
0.544
Published
2022-11-20
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
3.4
EPSS Score
0.866
Published
2022-11-20
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
2.7
EPSS Score
0.0
Published
2022-11-20
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
9.0
EPSS Score
0.0
Published
2022-11-20
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
4.3
EPSS Score
0.003
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
4.3
EPSS Score
0.871
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
3.4
EPSS Score
0.873
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
CVSS Score
5.7
EPSS Score
0.0
Published
2022-11-20
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVSS Score
5.6
EPSS Score
0.003
Published
2022-09-17
LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.
CVSS Score
6.1
EPSS Score
0.0
Published
2022-08-30