
CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 1

LibreNMS is an auto-discovering PHP/MySQL/SNMP-based network monitoring system that includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS, when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular device. This request can be made by a low-privilege user, who can enumerate devices on LibreNMS by their ID or hostname. Leveraging this vulnerability, a low-privilege user can see all devices registered by admin users. This vulnerability has been addressed in commit `489978a923`, which has been included in release version 23.11.0.
• https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2
• https://github.com/librenms/librenms/commit/489978a923ed52aa243d3419889ca298a8a6a7cf
• https://github.com/librenms/librenms/security/advisories/GHSA-fpq5-4vwm-78x4
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

LibreNMS is an auto-discovering PHP/MySQL/SNMP-based network monitoring system that includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross-site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea`, which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
• https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21
• https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90
• https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
• https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e
• https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
• https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72
• https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
• https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769
• https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')