Vulnerabilities > Librenms > Librenms > 1.54
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-21 | CVE-2020-15873 | SQL Injection vulnerability in Librenms In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. | 4.0 |
2019-08-28 | CVE-2019-15230 | Cross-site Scripting vulnerability in Librenms 1.54 LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. | 3.5 |