Vulnerabilities > Librenms > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-06-02 CVE-2022-29711 Cross-site Scripting vulnerability in Librenms 22.3.0
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php.
network
librenms CWE-79
4.3
4.3
2022-02-15 CVE-2022-0587 Improper Authorization vulnerability in Librenms
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
network
low complexity
librenms CWE-285
4.0
4.0
2022-02-15 CVE-2022-0588 Missing Authorization vulnerability in Librenms
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
network
low complexity
librenms CWE-862
6.5
6.5
2022-02-14 CVE-2022-0576 Cross-site Scripting vulnerability in Librenms
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
network
librenms CWE-79
4.3
4.3
2021-12-01 CVE-2021-44277 Cross-site Scripting vulnerability in Librenms 21.11.0
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
network
librenms CWE-79
4.3
4.3
2021-12-01 CVE-2021-44279 Cross-site Scripting vulnerability in Librenms 21.11.0
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
network
librenms CWE-79
4.3
4.3
2021-11-03 CVE-2021-43324 Cross-site Scripting vulnerability in Librenms
LibreNMS through 21.10.2 allows XSS via a widget title.
network
librenms CWE-79
4.3
4.3
2021-02-08 CVE-2020-35700 SQL Injection vulnerability in Librenms
A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint.
network
low complexity
librenms CWE-89
6.5
6.5
2020-07-21 CVE-2020-15877 Exposure of Resource to Wrong Sphere vulnerability in Librenms
An issue was discovered in LibreNMS before 1.65.1.
network
low complexity
librenms CWE-668
6.5
6.5
2020-07-21 CVE-2020-15873 SQL Injection vulnerability in Librenms
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
network
low complexity
librenms CWE-89
4.0
4.0