Security Advisories - librenms/librenms

librenms/librenms Security Advisories for 24.10.0 (15)

[MEDIUM] LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

PKSA-qmxf-dcgt-4ft3 CVE-2025-68614 GHSA-c89f-8g7g-59wj

Affected version: <25.12.0

Reported by:
GitHub
[MEDIUM] LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

PKSA-7dfn-9svk-zsqn CVE-2025-65093 GHSA-6pmj-xjxp-p8g9

Affected version: <=25.10.0

Reported by:
GitHub
[LOW] LibreNMS has Weak Password Policy

PKSA-5jjt-bqv9-rkt7 CVE-2025-65014 GHSA-5mrf-j8v6-f45g

Affected version: <25.11.0

Reported by:
GitHub
[MEDIUM] LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

PKSA-2rhd-6w4r-2261 CVE-2025-65013 GHSA-j8cq-7f6p-256x

Affected version: <25.11.0

Reported by:
GitHub
[LOW] LibreNMS alert-rules has a Cross-Site Scripting Vulnerability

PKSA-dd4d-7vsb-nysk CVE-2025-62412 GHSA-6g2v-66ch-6xmh

Affected version: <=25.8.0

Reported by:
GitHub
[MEDIUM] LibreNMS has a Stored XSS vulnerability in its Alert Transport name field

PKSA-d4tx-zpjw-46cf CVE-2025-62411 GHSA-frc6-pwgr-c28w

Affected version: <25.10.0

Reported by:
GitHub
[MEDIUM] LibreNMS is vulnerable to Reflected-XSS in `report_this` function

PKSA-hmpp-vqmr-y8ct CVE-2025-62365 GHSA-86rg-8hc8-v82p

Affected version: <=25.6.0

Reported by:
GitHub
[MEDIUM] LibreNMS allows stored XSS in Alert Template name field

PKSA-hnxn-wg5j-bmg6 CVE-2025-55296 GHSA-vxq6-8cwm-wj99

Affected version: <25.8.0

Reported by:
GitHub
[HIGH] LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE

PKSA-q97j-hw3m-d3vd CVE-2025-54138 GHSA-gq96-8w38-hhj2

Affected version: <25.7.0

Reported by:
GitHub
[LOW] LibreNMS stored Cross-site Scripting vulnerability in poller group name

PKSA-zmjd-rkhn-89x6 CVE-2025-47931 GHSA-hxw5-9cc5-cmw5

Affected version: <25.5.0

Reported by:
GitHub
[MEDIUM] Librenms has a reflected XSS on error alert

PKSA-wm61-7jpt-8qtq CVE-2025-23201 GHSA-g84x-g96g-rcjc

Affected version: <=24.10.1

Reported by:
GitHub
[MEDIUM] LibreNMS Misc Section Stored Cross-site Scripting vulnerability

PKSA-j79c-gnyg-4dg2 CVE-2025-23200 GHSA-c66p-64fj-jmc2

Affected version: >=23.9.0,<24.10.1

Reported by:
GitHub
[MEDIUM] LibreNMS Ports Stored Cross-site Scripting vulnerability

PKSA-6hkp-rngj-sfhp CVE-2025-23199 GHSA-27vf-3g4f-6jp7

Affected version: <24.10.1

Reported by:
GitHub
[MEDIUM] LibreNMS Display Name Stored Cross-site Scripting vulnerability

PKSA-219w-grmd-yvrn CVE-2025-23198 GHSA-pm8j-3v64-92cq

Affected version: >=24.9.0,<24.10.1

Reported by:
GitHub
[MEDIUM] LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section

PKSA-yg9q-z1cc-swz5 CVE-2024-53457 GHSA-6c5q-fg3g-qhhv

Affected version: >=24.9.0,<24.11.0

Reported by:
GitHub

librenms/librenms Security Advisories for 24.10.0 (15)

[MEDIUM] LibreNMS Alert Rule API Cross-Site Scripting Vulnerability

[MEDIUM] LibreNMS is vulnerable to SQL Injection (Boolean-Based Blind) in hostname parameter in ajax_output.php endpoint

[LOW] LibreNMS has Weak Password Policy

[MEDIUM] LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`

[LOW] LibreNMS alert-rules has a Cross-Site Scripting Vulnerability

[MEDIUM] LibreNMS has a Stored XSS vulnerability in its Alert Transport name field

[MEDIUM] LibreNMS is vulnerable to Reflected-XSS in `report_this` function

[MEDIUM] LibreNMS allows stored XSS in Alert Template name field

[HIGH] LibreNMS has Authenticated Remote File Inclusion in ajax_form.php that Allows RCE

[LOW] LibreNMS stored Cross-site Scripting vulnerability in poller group name

[MEDIUM] Librenms has a reflected XSS on error alert

[MEDIUM] LibreNMS Misc Section Stored Cross-site Scripting vulnerability

[MEDIUM] LibreNMS Ports Stored Cross-site Scripting vulnerability

[MEDIUM] LibreNMS Display Name Stored Cross-site Scripting vulnerability

[MEDIUM] LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section