pkg:Packagist/librenms/librenms

All known vulnerabilities

• CRITICAL9.8CVE-2022-4070Insufficient Session Expiration in librenms/librenms
  from 0, < 22.10.0
• CRITICAL9.8CVE-2019-10665LibreNMS Information Disclosure
  from 0, <= 1.47
• CRITICAL9.8LibreNMS arbitrary OS commands execution
• CRITICAL9.8Path traversal in librenms/librenms
  from 0, <= 21.11.0
• CRITICAL9.3LibreNMS: SQL Injection in ajax_table.php spreads through a covert data stream.
  from 0, < 26.2.0
• CRITICAL9.1LibreNMS has an Authenticated OS Command Injection
  from 0, < 24.10.0
• CRITICAL9.1Missing Authentication for Critical Function in LibreNMS
  from 0, < 1.50.1
• HIGH8.8LibreNMS has a Time-Based Blind SQL Injection in address-search.inc.php
  from 0, < 26.2.0
• HIGH8.8LibreNMS vulnerable to SQL injection time-based leads to database extraction
  from 0, < 24.4.0
• HIGH8.8Deserialization of Untrusted Data in librenms/librenms
  from 0, < 22.10.0
• HIGH8.8LibreNMS SQL Injection
  from 0, < 1.65
• HIGH8.8Exposure of Resource to Wrong Sphere in LibreNMS
  from 0, < 1.65.1
• HIGH8.8SQL Injection in librenms
  from 0, < 21.1.0
• HIGH8.8SQL Injection in LibreNMS
  from 0, < 1.50.1
• HIGH8.8Improper Encoding or Escaping of Output and Injection in LibreNMS
  >= 1.50.1, < 1.53
• HIGH8.4Cross site scripting in librenms
  from 0, < 23.9.1
• HIGH8.1SQL Injection in LibreNMS
  from 0, < 1.53
• HIGH7.8SQL injection in librenms/librenms
  from 0, < 23.10.0
• HIGH7.6LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.8.0
• HIGH7.6Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• HIGH7.5LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
  from 0, < 25.7.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
  from 0, < 24.10.0
• HIGH7.5Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
  from 0, < 24.10.0
• HIGH7.5LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
  from 0, < 24.9.0
• HIGH7.5LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
  from 0, < 24.9.0
• HIGH7.5LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
  from 0, < 24.9.0
• HIGH7.5Path Traversal in LibreNMS
  from 0, < 1.53
• HIGH7.2LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
  from 0, < 24.10.0
• HIGH7.2LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
  from 0, < 24.9.0
• HIGH7.2LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
  from 0, < 24.4.0
• HIGH7.1LibreNMS contains an authenticated SQL Injection vulnerability
  from 0, <= 1.46
• HIGH7.1LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
  from 0, < 24.4.0
• HIGH7.1Improper Access Control in librenms
  from 0, < 22.2.0
• HIGH7.1Improper Authorization in librenms
  from 0, < 22.2.0
• MEDIUM6.8LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
  from 0, < 24.10.0
• MEDIUM6.5LibreNMS SQL Injection vulnerability
  from 0, < 1.65.1
• MEDIUM6.5Missing Authorization in librenms/librenms
  from 0, < 22.2.0
• MEDIUM6.3LibreNMS Cross-site Scripting at Device groups Deletion feature
  from 0, < 23.11.0
• MEDIUM6.2LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
  from 0, < 25.11.0
• MEDIUM6.1LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.9.0
• MEDIUM6.1Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• MEDIUM6.1Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• MEDIUM6.1LibreNMS vulnerable to Cross-Site Scripting (XSS)
  from 0, < 22.7.0
• MEDIUM6.1LibreNMS vulnerable to Cross-Site Scripting (XSS)
  from 0, < 22.7.0
• MEDIUM6.1Cross site scripting in librenms
  from 0, < 22.4.0
• MEDIUM6.1LibreNMS XSS Vulnerability
  from 0, < 1.44
• MEDIUM6.1Cross-site Scripting in librenms
  from 0, < 22.1.0
• MEDIUM6.1Cross-site Scripting in LibreNMS
  from 0, <= 21.11.0
• MEDIUM6.1Cross-site Scripting in LibreNMS
  from 0, <= 21.11.0
• MEDIUM6.1Cross-site Scripting in LibreNMS
  from 0, < 21.11.0
• MEDIUM5.9LibreNMS Arbitrary File Read
  from 0, < 1.31
• MEDIUM5.5LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
  from 0, < 25.11.0
• MEDIUM5.5LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
  from 0, < 25.10.0
• MEDIUM5.5LibreNMS allows stored XSS in Alert Template name field
  from 0, < 25.8.0
• MEDIUM5.4LibreNMS has a Stored XSS in Custom OID - unit parameter missing strip_tags()
  >= 24.10.0, < 26.2.0
• MEDIUM5.4Librenms has a reflected XSS on error alert
  from 0, < 24.11.0
• MEDIUM5.4LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
  >= 24.9.0, < 24.11.0
• MEDIUM5.4LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.9.0
• MEDIUM5.4LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.9.0
• MEDIUM5.4LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.9.0
• MEDIUM5.4LibreNMS Cross-site Scripting vulnerability
  from 0, < 23.9.0
• MEDIUM5.4LibreNMS Code Injection vulnerability
  from 0, < 23.9.0
• MEDIUM5.4Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• MEDIUM5.4Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• MEDIUM5.4LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
  from 0, < 22.9.0
• MEDIUM5.4Cross-site Scripting in librenms
  from 0, < 22.1.0
• MEDIUM5.4Cross-site Scripting in librenms
  from 0, < 22.2.0
• MEDIUM5.4Cross-site Scripting in LibreNMS
  from 0, < 21.3.0
• MEDIUM5.3LibreNMS vulnerable to rate limiting bypass on login page
  from 0, < 23.11.0
• MEDIUM5.3Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
  from 0, < 1.50.1
• MEDIUM4.8LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
  from 0, < 24.9.0
• MEDIUM4.8Cross-site Scripting in librenms/librenms
  from 0, < 22.10.0
• MEDIUM4.8Cross site scripting in LibreNMS
  from 0, < 22.2.2
• MEDIUM4.6LibreNMS Misc Section Stored Cross-site Scripting vulnerability
  >= 23.9.0, < 24.11.0
• MEDIUM4.6LibreNMS Ports Stored Cross-site Scripting vulnerability
  from 0, < 24.11.0
• MEDIUM4.6LibreNMS Display Name Stored Cross-site Scripting vulnerability
  >= 24.9.0, < 24.11.0
• MEDIUM4.6LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability
  >= 24.11.10, < 24.12.0
• MEDIUM4.3LibreNMS has a Stored XSS in Alert Rule
  from 0, < 26.2.0
• MEDIUM4.3LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
  from 0, < 25.12.0
• MEDIUM4.3LibreNMS has Broken Access control on Graphs Feature
  from 0, < 23.11.0
• LOW3.8LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
  from 0, < 25.10.0
• LOW3.7LibreNMS has Weak Password Policy
  from 0, < 25.11.0
• LOW3.5Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page
  from 0, < 26.3.0
• LOW3.5Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page
  >= 25.12.0, < 26.3.0
• LOW3.5LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
  from 0, < 24.9.0
• —LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
  >= 1.48, < 26.3.0
• —LibreNMS /port-groups name Stored Cross-Site Scripting
  from 0, < 26.2.0
• —LibreNMS /device-groups name Stored Cross-Site Scripting
  from 0, < 26.2.0
• —LibreNMS affected by reflected xss via email field
  from 0, < 26.2.0
• —LibreNMS is vulnerable to Reflected-XSS in `report_this` function
  from 0, < 25.7.0
• —LibreNMS stored Cross-site Scripting vulnerability in poller group name
  from 0, < 25.5.0