Vulnerabilities > Librenms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-01 | CVE-2021-44279 | Cross-site Scripting vulnerability in Librenms 21.11.0 Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | 6.1 |
| 2021-11-03 | CVE-2021-43324 | Cross-site Scripting vulnerability in Librenms LibreNMS through 21.10.2 allows XSS via a widget title. | 6.1 |
| 2021-09-08 | CVE-2021-31274 | Cross-site Scripting vulnerability in Librenms In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. | 5.4 |
| 2021-02-08 | CVE-2020-35700 | SQL Injection vulnerability in Librenms A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. | 8.8 |
| 2020-07-21 | CVE-2020-15877 | Unspecified vulnerability in Librenms An issue was discovered in LibreNMS before 1.65.1. | 8.8 |
| 2020-07-21 | CVE-2020-15873 | SQL Injection vulnerability in Librenms In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php. | 6.5 |
| 2019-09-09 | CVE-2019-12465 | SQL Injection vulnerability in Librenms An issue was discovered in LibreNMS 1.50.1. | 8.1 |
| 2019-09-09 | CVE-2019-12464 | Path Traversal vulnerability in Librenms 1.50.1 An issue was discovered in LibreNMS 1.50.1. | 7.5 |
| 2019-09-09 | CVE-2019-12463 | Improper Encoding or Escaping of Output vulnerability in Librenms 1.50.1/1.51/1.52 An issue was discovered in LibreNMS 1.50.1. | 8.8 |
| 2019-09-09 | CVE-2019-10671 | SQL Injection vulnerability in Librenms An issue was discovered in LibreNMS through 1.47. | 8.8 |