Page 8 of 56 results (0.003 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Genérico en Packagist librenms/librenms versiones anteriores a 22.1.0 • https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177 https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

LibreNMS through 21.10.2 allows XSS via a widget title. LibreNMS versiones hasta 21.10.2, permite un ataque de tipo XSS por medio de un título de widget • https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed. En LibreNMS versiones anteriores a 21.3.0, se ha identificado una vulnerabilidad de tipo XSS almacenada en la página de acceso a la API debido a un saneo insuficiente de la variable $api-)description. Como resultado, puede ser ejecutado código Javascript arbitrario • https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431 https://github.com/librenms/librenms https://github.com/librenms/librenms/pull/12739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A second-order SQL injection issue in Widgets/TopDevicesController.php (aka the Top Devices dashboard widget) of LibreNMS before 21.1.0 allows remote authenticated attackers to execute arbitrary SQL commands via the sort_order parameter against the /ajax/form/widget-settings endpoint. Un problema de inyección SQL de segundo orden en el archivo Widgets/TopDevicesController.php (también se conoce como el widget de tablero Top Devices) de LibreNMS versiones anteriores a 21.1.0, permite a atacantes remotos autenticados ejecutar comandos SQL arbitrarios por medio del parámetro sort_order contra el endpoint /ajax/form/widget-settings • https://github.com/librenms/librenms/blob/master/app/Http/Controllers/Widgets/TopDevicesController.php https://github.com/librenms/librenms/issues/12405 https://github.com/librenms/librenms/pull/12422 https://github.com/librenms/librenms/releases/tag/21.1.0 https://www.horizon3.ai/disclosures/librenms-second-order-sqli • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. Se detectó un problema en LibreNMS versiones anteriores a 1.65.1. Presenta un control de acceso insuficiente para usuarios normales debido a "'guard' =) 'admin'" en lugar de "'middleware' =) ['can:admin']" en el archivo routes/web.php • https://community.librenms.org/c/announcements https://github.com/librenms/librenms/commit/e5bb6d80bc308fc56b9a01ffb76c34159995353c https://github.com/librenms/librenms/compare/1.65...1.65.1 https://github.com/librenms/librenms/pull/11915 https://github.com/librenms/librenms/releases/tag/1.65.1 https://shielder.it/blog •