Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
librenms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-10665
An issue exists in LibreNMS up to and including 1.47. The scripts that handle the graphing options (html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php) do not sufficiently validate or encode several fields of user supplied input. Some parameters are filte...
Librenms Librenms
9.1
CVSSv3
CVE-2019-10668
An issue exists in LibreNMS up to and including 1.47. A number of scripts import the Authentication libraries, but do not enforce an actual authentication check. Several of these scripts disclose information or expose functions that are of a sensitive nature and are not expected ...
Librenms Librenms
7.2
CVSSv3
CVE-2019-10669
An issue exists in LibreNMS up to and including 1.47. There is a command injection vulnerability in html/includes/graphs/device/collectd.inc.php where user supplied parameters are filtered with the mysqli_escape_real_string function. This function is not the appropriate function ...
Librenms Librenms
1 EDB exploit
5.4
CVSSv3
CVE-2023-4347
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms before 23.8.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-0575
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms before 22.2.0.
Librenms Librenms
6.1
CVSSv3
CVE-2022-0576
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms before 22.1.0.
Librenms Librenms
5.4
CVSSv3
CVE-2022-3231
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms before 22.9.0.
Librenms Librenms
6.1
CVSSv3
CVE-2018-18478
Persistent Cross-Site Scripting (XSS) issues in LibreNMS prior to 1.44 allow remote malicious users to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/de...
Librenms Librenms
6.5
CVSSv3
CVE-2020-15873
In LibreNMS prior to 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
Librenms Librenms
1 Github repository
5.4
CVSSv3
CVE-2023-4980
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms before 23.9.0.
Librenms Librenms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »