Vulnerabilities > Librenms > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-02-14 CVE-2022-0576 Unspecified vulnerability in Librenms
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
network
low complexity
librenms
6.1
6.1
2021-12-01 CVE-2021-44277 Cross-site Scripting vulnerability in Librenms 21.11.0
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php.
network
low complexity
librenms CWE-79
6.1
6.1
2021-12-01 CVE-2021-44279 Cross-site Scripting vulnerability in Librenms 21.11.0
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php.
network
low complexity
librenms CWE-79
6.1
6.1
2021-11-03 CVE-2021-43324 Cross-site Scripting vulnerability in Librenms
LibreNMS through 21.10.2 allows XSS via a widget title.
network
low complexity
librenms CWE-79
6.1
6.1
2021-09-08 CVE-2021-31274 Cross-site Scripting vulnerability in Librenms
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable.
network
low complexity
librenms CWE-79
5.4
5.4
2020-07-21 CVE-2020-15873 SQL Injection vulnerability in Librenms
In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL Injection via the customoid.inc.php device_id POST parameter to ajax_form.php.
network
low complexity
librenms CWE-89
6.5
6.5
2019-09-09 CVE-2019-10670 Cross-site Scripting vulnerability in Librenms
An issue was discovered in LibreNMS through 1.47.
network
low complexity
librenms CWE-79
6.1
6.1
2019-09-09 CVE-2019-10667 Information Exposure vulnerability in Librenms
An issue was discovered in LibreNMS through 1.47.
network
low complexity
librenms CWE-200
5.3
5.3
2019-08-28 CVE-2019-15230 Cross-site Scripting vulnerability in Librenms 1.54
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console.
network
low complexity
librenms CWE-79
5.4
5.4
2018-10-18 CVE-2018-18478 Cross-site Scripting vulnerability in Librenms
Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.
network
low complexity
librenms CWE-79
6.1
6.1