librenms/librenms Security Advisories for 24.9.0 (20)
-
[MEDIUM] Librenms has a reflected XSS on error alert
PKSA-wm61-7jpt-8qtq CVE-2025-23201 GHSA-g84x-g96g-rcjc
Affected version: <=24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Misc Section Stored Cross-site Scripting vulnerability
PKSA-j79c-gnyg-4dg2 CVE-2025-23200 GHSA-c66p-64fj-jmc2
Affected version: >=23.9.0,<24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Ports Stored Cross-site Scripting vulnerability
PKSA-6hkp-rngj-sfhp CVE-2025-23199 GHSA-27vf-3g4f-6jp7
Affected version: <24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Display Name Stored Cross-site Scripting vulnerability
PKSA-219w-grmd-yvrn CVE-2025-23198 GHSA-pm8j-3v64-92cq
Affected version: >=24.9.0,<24.10.1
Reported by:
GitHub -
[MEDIUM] LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
PKSA-yg9q-z1cc-swz5 CVE-2024-53457 GHSA-6c5q-fg3g-qhhv
Affected version: >=24.9.0,<24.11.0
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
PKSA-8417-9f2m-4f18 CVE-2024-52526 GHSA-8fh4-942r-jf2g
Affected version: <=24.9.1
Reported by:
GitHub -
[CRITICAL] LibreNMS has an Authenticated OS Command Injection
PKSA-h2yt-ck16-pnsc CVE-2024-51092 GHSA-x645-6pf9-xwxw
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
PKSA-dvsv-s8nn-9mk5 CVE-2024-51497 GHSA-gv4m-f6fx-859x
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
PKSA-wh3m-km32-g613 CVE-2024-51496 GHSA-28p7-f6h6-3jh3
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
PKSA-km6n-48z2-nq7j CVE-2024-51495 GHSA-p66q-ppwr-q5j8
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-3ph9-yzgt-sqfw CVE-2024-51494 GHSA-7663-37rg-c377
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
PKSA-xz8r-g47r-9wyx CVE-2024-50355 GHSA-4m5r-w2rq-q54q
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
PKSA-qpyt-p5td-8rqq CVE-2024-50352 GHSA-qr8f-5qqg-j3wg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
PKSA-zwgv-hsv9-bqx7 CVE-2024-50351 GHSA-v7w9-63xh-6r3w
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
PKSA-tkc5-5hm7-wc1w CVE-2024-50350 GHSA-xh4g-c9p6-5jxg
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
PKSA-7gfj-rwjs-mdc6 CVE-2024-49764 GHSA-rmr4-x6c9-jc68
Affected version: <=24.9.1
Reported by:
GitHub -
[HIGH] Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
PKSA-d996-rv6y-5r46 CVE-2024-49759 GHSA-888j-pjqh-fx58
Affected version: <=24.9.1
Reported by:
GitHub -
[MEDIUM] LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
PKSA-gzkw-wrwk-5my1 CVE-2024-49758 GHSA-c86q-rj37-8f85
Affected version: <=24.9.0
Reported by:
GitHub -
[HIGH] LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
PKSA-knhw-5drh-jk8b CVE-2024-49754 GHSA-gfwr-xqmj-j27v
Affected version: <=24.9.1
Reported by:
GitHub -
[MEDIUM] LibreNMS Arbitrary File Read
PKSA-6jtq-3877-1tyc CVE-2017-16759 GHSA-4ccx-wjqp-5fww
Affected version: <2017-08-18
Reported by:
GitHub