CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46745 – Rate limiting Bypass on login page in libreNMS
https://notcve.org/view.php?id=CVE-2023-46745
17 Nov 2023 — LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions the login method has no rate limit. An attacker may be able to leverage this vulnerability to gain access to user accounts. This issue has been addressed in version 23.11.0. Users are advised to upgrade. • https://github.com/librenms/librenms/security/advisories/GHSA-rq42-58qf-v3qx • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48294 – Broken Access control on Graphs Feature in LibreNMS
https://notcve.org/view.php?id=CVE-2023-48294
17 Nov 2023 — LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to `graph.php` to access graphs generated on the particular Device. This request can be accessed by a low privilege user and they can enumerate devices on librenms with their id or hostname. Leveraging this vulnerability a low privilege user can see all devic... • https://github.com/librenms/librenms/blob/fa93034edd40c130c2ff00667ca2498d84be6e69/html/graph.php#L19C1-L25C2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48295 – Cross-site Scripting at Device groups Deletion feature in LibreNMS
https://notcve.org/view.php?id=CVE-2023-48295
17 Nov 2023 — LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. • https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-5591 – SQL Injection in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-5591
16 Oct 2023 — SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. Inyección SQL en librenms/librenms del repositorio de GitHub anteriores a 23.10.0. • https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5060 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-5060
19 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.1. • https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4982 – Cross-site Scripting (XSS) - Stored in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4982
15 Sep 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): almacenado en el repositorio de GitHub librenms/librenms anterior a 23.9.0. • https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4981 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4981
15 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4980 – Cross-site Scripting (XSS) - Generic in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4980
15 Sep 2023 — Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. Cross-site Scripting (XSS): genérico en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4978 – Cross-site Scripting (XSS) - DOM in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4978
15 Sep 2023 — Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Cross-Site Scripting (XSS): DOM en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-4979 – Cross-site Scripting (XSS) - Reflected in librenms/librenms
https://notcve.org/view.php?id=CVE-2023-4979
15 Sep 2023 — Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. Cross-Site Scripting (XSS): reflejado en librenms/librenms del repositorio de GitHub anteriores a 23.9.0. • https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •