Page 9 of 63 results (0.007 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Librenms versión 21.11.0 está afectado por una vulnerabilidad de manipulación de ruta en el archivo includes/html/pages/device/showconfig.inc.php • https://github.com/librenms/librenms/pull/13554 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. Librenms versión 21.11.0 está afectado por una vulnerabilidad de Cross Site Scripting (XSS) en includes/html/common/alert-log.inc.php • https://github.com/librenms/librenms/pull/13554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1

Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. Librenms 21.11.0 está afectado por una vulnerabilidad de Cross Site Scripting (XSS) en includes/html/forms/poller-groups.inc.php • https://github.com/librenms/librenms/pull/13554 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

LibreNMS through 21.10.2 allows XSS via a widget title. LibreNMS versiones hasta 21.10.2, permite un ataque de tipo XSS por medio de un título de widget • https://github.com/librenms/librenms/commit/99d2462b80435b91a35236639b909eebee432126 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed. En LibreNMS versiones anteriores a 21.3.0, se ha identificado una vulnerabilidad de tipo XSS almacenada en la página de acceso a la API debido a un saneo insuficiente de la variable $api-)description. Como resultado, puede ser ejecutado código Javascript arbitrario • https://community.librenms.org/t/vulnerability-report-cross-site-scripting-xss-in-the-api-access-page/15431 https://github.com/librenms/librenms https://github.com/librenms/librenms/pull/12739 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •