CVE-2022-3516 – Cross-site Scripting (XSS) - Stored in librenms/librenms
https://notcve.org/view.php?id=CVE-2022-3516
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Cross-Site Scripting (XSS) - Stored en el repositorio de GitHub librenms/librenms anterior a 22.10.0. • https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-3525 – Deserialization of Untrusted Data in librenms/librenms
https://notcve.org/view.php?id=CVE-2022-3525
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. Deserialización de Datos que no son de confianza en librenms/librenms del repositorio de GitHub anteriores a 22.10.0. • https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948 https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330 • CWE-502: Deserialization of Untrusted Data •
CVE-2022-4068 – Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
https://notcve.org/view.php?id=CVE-2022-4068
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account. Un usuario puede habilitar su propia cuenta si un administrador la deshabilitó mientras el usuario aún tiene una sesión válida. Además, el nombre de usuario no se sanitiza adecuadamente en la descripción general del usuario administrador. • https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1 https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes •
CVE-2022-3231 – Cross-site Scripting (XSS) - Stored in librenms/librenms
https://notcve.org/view.php?id=CVE-2022-3231
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub librenms/librenms versiones anteriores a 22.9.0 • https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8 https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-0772 – Cross-site Scripting (XSS) - Stored in librenms/librenms
https://notcve.org/view.php?id=CVE-2022-0772
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub librenms/librenms versiones anteriores a 22.2.2. • https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281 https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •