CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48295 – Cross-site Scripting at Device groups Deletion feature in LibreNMS
https://notcve.org/view.php?id=CVE-2023-48295
17 Nov 2023 — LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5591 – SQL Injection in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-5591
16 Oct 2023 — SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. Inyección SQL en librenms/librenms del repositorio de GitHub anteriores a 23.10.0. • https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5060 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-5060
19 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.1. • https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4982 – Cross-site Scripting (XSS) - Stored in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4982
15 Sep 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub librenms/librenms anterior a 23.9.0. • https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4981 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4981
15 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4980 – Cross-site Scripting (XSS) - Generic in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4980
15 Sep 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): genérico en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4978 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4978
15 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4979 – Cross-site Scripting (XSS) - Reflected in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4979
15 Sep 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. Cross-Site Scripting (XSS): reflejado en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4977 – Code Injection in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4977
15 Sep 2023 — Code Injection in GitHub repository librenms/librenms prior to 23.9.0. Inyección de código en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.6EPSS: 82%CPEs: 1EXPL: 1CVE-2023-4347 – Cross-site Scripting (XSS) - Reflected in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4347
15 Aug 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. Cross-site Scripting (XSS) - Reflejado en el repositorio GitHub librenms/librenms anterior a 23.8.0. • https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •