Vulnerabilities > Librenms > Librenms > 1.44
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-15 | CVE-2022-0589 | Cross-site Scripting vulnerability in Librenms Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0. | 3.5 |
2022-02-15 | CVE-2022-0587 | Improper Authorization vulnerability in Librenms Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | 4.0 |
2022-02-15 | CVE-2022-0588 | Missing Authorization vulnerability in Librenms Missing Authorization in Packagist librenms/librenms prior to 22.2.0. | 6.5 |
2022-02-14 | CVE-2022-0580 | Incorrect Authorization vulnerability in Librenms Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | 8.8 |
2022-02-14 | CVE-2022-0575 | Cross-site Scripting vulnerability in Librenms Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. | 3.5 |
2022-02-14 | CVE-2022-0576 | Cross-site Scripting vulnerability in Librenms Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. | 4.3 |
2021-11-03 | CVE-2021-43324 | Cross-site Scripting vulnerability in Librenms LibreNMS through 21.10.2 allows XSS via a widget title. | 4.3 |
2021-09-08 | CVE-2021-31274 | Cross-site Scripting vulnerability in Librenms In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. | 3.5 |
2021-02-08 | CVE-2020-35700 | SQL Injection vulnerability in Librenms A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | 6.5 |
2020-07-21 | CVE-2020-15877 | Exposure of Resource to Wrong Sphere vulnerability in Librenms An issue was discovered in LibreNMS before 1.65.1. | 6.5 |