Librenms: >> Librenms >> 1.54 Security Vulnerabilities
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
CVSS Score
5.4
EPSS Score
0.0
Published
2022-02-14
LibreNMS through 21.10.2 allows XSS via a widget title.
CVSS Score
6.1
EPSS Score
0.0
Published
2021-11-03
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVSS Score
5.4
EPSS Score
0.0
Published
2021-09-08
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
CVSS Score
8.8
EPSS Score
0.0
Published
2021-02-08
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
CVSS Score
6.5
EPSS Score
0.077
Published
2020-07-21
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-07-21
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
CVSS Score
5.4
EPSS Score
0.0
Published
2019-08-28
Page 7