librenms/librenms Security Advisories for 23.9.0 (41)
-
[MEDIUM] LibreNMS Alert Rule API Cross-Site Scripting Vulnerability
PKSA-qmxf-dcgt-4ft3 CVE-2025-68614 GHSA-c89f-8g7g-59wj
Affected version: <25.12.0
Reported by:
GitHub -
[MEDIUM] LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint
PKSA-7dfn-9svk-zsqn CVE-2025-65093 GHSA-6pmj-xjxp-p8g9
Affected version: <=25.10.0
Reported by:
GitHub -
[LOW] LibreNMS has Weak Password Policy
PKSA-5jjt-bqv9-rkt7 CVE-2025-65014 GHSA-5mrf-j8v6-f45g
Affected version: <25.11.0
Reported by:
GitHub -
[MEDIUM] LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
PKSA-2rhd-6w4r-2261 CVE-2025-65013 GHSA-j8cq-7f6p-256x
Affected version: <25.11.0
Reported by:
GitHub -
[LOW] LibreNMS alert-rules has a Cross-Site Scripting Vulnerability
PKSA-dd4d-7vsb-nysk CVE-2025-62412 GHSA-6g2v-66ch-6xmh
Affected version: <=25.8.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has a Stored XSS vulnerability in its Alert Transport name field
PKSA-d4tx-zpjw-46cf CVE-2025-62411 GHSA-frc6-pwgr-c28w
Affected version: <25.10.0
Reported by:
GitHub -
[MEDIUM] LibreNMS is vulnerable to Reflected-XSS in `report_this` function
PKSA-hmpp-vqmr-y8ct CVE-2025-62365 GHSA-86rg-8hc8-v82p
Affected version: <=25.6.0
Reported by:
GitHub -
[MEDIUM] LibreNMS allows stored XSS in Alert Template name field
PKSA-hnxn-wg5j-bmg6 CVE-2025-55296 GHSA-vxq6-8cwm-wj99
Affected version: <25.8.0
Reported by:
GitHub -
[HIGH] LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE
PKSA-q97j-hw3m-d3vd CVE-2025-54138 GHSA-gq96-8w38-hhj2
Affected version: <25.7.0
Reported by:
GitHub -
[LOW] LibreNMS stored Cross-site Scripting vulnerability in poller group name
PKSA-zmjd-rkhn-89x6 CVE-2025-47931 GHSA-hxw5-9cc5-cmw5
Affected version: <25.5.0
Reported by:
GitHub -
[MEDIUM] Librenms has a reflected XSS on error alert
PKSA-wm61-7jpt-8qtq CVE-2025-23201 GHSA-g84x-g96g-rcjc
Affected version: <=24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Misc Section Stored Cross-site Scripting vulnerability
PKSA-j79c-gnyg-4dg2 CVE-2025-23200 GHSA-c66p-64fj-jmc2
Affected version: >=23.9.0,<24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Ports Stored Cross-site Scripting vulnerability
PKSA-6hkp-rngj-sfhp CVE-2025-23199 GHSA-27vf-3g4f-6jp7
Affected version: <24.10.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
PKSA-8417-9f2m-4f18 CVE-2024-52526 GHSA-8fh4-942r-jf2g
Affected version: <=24.9.1
Reported by:
GitHub -
[CRITICAL] LibreNMS has an Authenticated OS Command Injection
PKSA-h2yt-ck16-pnsc CVE-2024-51092 GHSA-x645-6pf9-xwxw
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
PKSA-dvsv-s8nn-9mk5 CVE-2024-51497 GHSA-gv4m-f6fx-859x
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
PKSA-wh3m-km32-g613 CVE-2024-51496 GHSA-28p7-f6h6-3jh3
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
PKSA-km6n-48z2-nq7j CVE-2024-51495 GHSA-p66q-ppwr-q5j8
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-3ph9-yzgt-sqfw CVE-2024-51494 GHSA-7663-37rg-c377
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
PKSA-xz8r-g47r-9wyx CVE-2024-50355 GHSA-4m5r-w2rq-q54q
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
PKSA-qpyt-p5td-8rqq CVE-2024-50352 GHSA-qr8f-5qqg-j3wg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
PKSA-zwgv-hsv9-bqx7 CVE-2024-50351 GHSA-v7w9-63xh-6r3w
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-tkc5-5hm7-wc1w CVE-2024-50350 GHSA-xh4g-c9p6-5jxg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
PKSA-7gfj-rwjs-mdc6 CVE-2024-49764 GHSA-rmr4-x6c9-jc68
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
PKSA-d996-rv6y-5r46 CVE-2024-49759 GHSA-888j-pjqh-fx58
Affected version: <=24.9.1
Reported by:
GitHub -
[MEDIUM] LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
PKSA-gzkw-wrwk-5my1 CVE-2024-49758 GHSA-c86q-rj37-8f85
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
PKSA-knhw-5drh-jk8b CVE-2024-49754 GHSA-gfwr-xqmj-j27v
Affected version: <=24.9.1
Reported by:
GitHub -
[LOW] LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
PKSA-n7p4-zf3z-2mtf CVE-2024-47528 GHSA-x8gm-j36p-fppf
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
PKSA-6p9c-x5jf-zqsy CVE-2024-47523 GHSA-7f84-28qh-9486
Affected version: <24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
PKSA-y8kq-my2g-47kx CVE-2024-47524 GHSA-fc38-2254-48g7
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
PKSA-8hhb-2cz5-4n8w CVE-2024-47525 GHSA-j2j9-7pr6-xqwv
Affected version: <24.9.0
Reported by:
GitHub -
[LOW] LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
PKSA-gft3-nv99-cjj1 CVE-2024-47526 GHSA-gcgp-q2jq-fw52
Affected version: <24.9.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
PKSA-7565-8pyc-txxc CVE-2024-47527 GHSA-rwwc-2v8q-gc9v
Affected version: <24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
PKSA-wskr-mbrz-ct8p CVE-2024-32480 GHSA-jh57-j3vq-h438
Affected version: <24.4.0
Reported by:
GitHub -
[HIGH] LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
PKSA-g1ms-vbct-y8y2 CVE-2024-32479 GHSA-72m9-7c8x-pmmw
Affected version: <24.4.0
Reported by:
GitHub -
[HIGH] LibreNMS vulnerable to SQL injection time-based leads to database extraction
PKSA-cqy2-j4sq-mj1m CVE-2024-32461 GHSA-cwx6-cx7x-4q34
Affected version: <24.4.0
Reported by:
GitHub -
[MEDIUM] LibreNMS has Broken Access control on Graphs Feature
PKSA-dy6r-dy8y-9wrb CVE-2023-48294 GHSA-fpq5-4vwm-78x4
Affected version: <23.11.0
Reported by:
GitHub -
[MEDIUM] LibreNMS Cross-site Scripting at Device groups Deletion feature
PKSA-pkpr-46hb-bg9j CVE-2023-48295 GHSA-8phr-637g-pxrg
Affected version: <23.11.0
Reported by:
GitHub -
[MEDIUM] LibreNMS vulnerable to rate limiting bypass on login page
PKSA-z23c-gbcv-4pv2 CVE-2023-46745 GHSA-rq42-58qf-v3qx
Affected version: <23.11.0
Reported by:
GitHub -
[HIGH] SQL injection in librenms/librenms
PKSA-xq48-tmhk-hpm4 CVE-2023-5591 GHSA-mr6h-7x2m-rgmq
Affected version: <23.10.0
Reported by:
GitHub -
[HIGH] Cross site scripting in librenms
PKSA-39bn-qzf7-nrzs CVE-2023-5060 GHSA-2q8c-gqf4-mg3v
Affected version: <23.9.1
Reported by:
GitHub