Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms librenms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-4978
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4980
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4981
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
NA
CVE-2023-4982
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
6.5
CVSSv2
CVE-2020-35700
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS prior to 21.1.0 allows remote authenticated malicious users to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-setti...
Librenms Librenms
4
CVSSv2
CVE-2020-15873
In LibreNMS prior to 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
Librenms Librenms
1 Github repository
7.5
CVSSv2
CVE-2019-10665
An issue exists in LibreNMS up to and including 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filte...
Librenms Librenms
6.8
CVSSv2
CVE-2019-10666
An issue exists in LibreNMS up to and including 1.47. Several of the scripts perform dynamic script inclusion via the include() function on user supplied input without sanitizing the values by calling basename() or a similar function. An attacker can leverage this to execute PHP ...
Librenms Librenms
4.3
CVSSv2
CVE-2019-10670
An issue exists in LibreNMS up to and including 1.47. Many of the scripts rely on the function mysqli_escape_real_string for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data b...
Librenms Librenms
6.5
CVSSv2
CVE-2018-20678
LibreNMS up to and including 1.47 allows SQL injection via the html/ajax_table.php sort[hostname] parameter, exploitable by authenticated users during a search.
Librenms Librenms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »