Vulnerabilities > Librenms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-15	CVE-2022-0588	Unspecified vulnerability in Librenms Missing Authorization in Packagist librenms/librenms prior to 22.2.0. network low complexity librenms	6.5
2022-02-14	CVE-2022-0580	Unspecified vulnerability in Librenms Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. network low complexity librenms	8.8
2022-02-14	CVE-2022-0575	Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. network low complexity librenms	5.4
2022-02-14	CVE-2022-0576	Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. network low complexity librenms	6.1
2021-12-03	CVE-2021-44278	Path Traversal vulnerability in Librenms 21.11.0 Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. network low complexity librenms CWE-22 critical	9.8
2021-12-01	CVE-2021-44277	Cross-site Scripting vulnerability in Librenms 21.11.0 Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. network low complexity librenms CWE-79	6.1
2021-12-01	CVE-2021-44279	Cross-site Scripting vulnerability in Librenms 21.11.0 Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. network low complexity librenms CWE-79	6.1
2021-11-03	CVE-2021-43324	Cross-site Scripting vulnerability in Librenms LibreNMS through 21.10.2 allows XSS via a widget title. network low complexity librenms CWE-79	6.1
2021-09-08	CVE-2021-31274	Cross-site Scripting vulnerability in Librenms In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. network low complexity librenms CWE-79	5.4
2021-02-08	CVE-2020-35700	SQL Injection vulnerability in Librenms A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. network low complexity librenms CWE-89	8.8

Vulnerabilities > Librenms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Librenms"}]}

Vulnerabilities > Librenms