Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
50 vulnerabilities found for librenms/librenms by librenms
CVE-2023-5591 (GCVE-0-2023-5591)
Vulnerability from nvd – Published: 2023-10-16 00:00 – Updated: 2024-09-16 17:17
VLAI
EPSS
VEX
Title
SQL Injection in librenms/librenms
Summary
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5591",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:15:06.142802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:17:10.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository librenms/librenms prior to 23.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T00:00:19.280Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"source": {
"advisory": "54813d42-5b93-440e-b9b1-c179d2cbf090",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5591",
"datePublished": "2023-10-16T00:00:19.280Z",
"dateReserved": "2023-10-16T00:00:06.456Z",
"dateUpdated": "2024-09-16T17:17:10.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5060 (GCVE-0-2023-5060)
Vulnerability from nvd – Published: 2023-09-19 02:03 – Updated: 2024-09-25 14:26
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.1
(custom)
|
|
| librenms | librenms |
Affected:
0 , < 23.9.1
(custom)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:21:40.055004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:26:07.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T02:03:32.344Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"source": {
"advisory": "01b0917d-f92f-4903-9eca-bcfc46e847e3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5060",
"datePublished": "2023-09-19T02:03:32.344Z",
"dateReserved": "2023-09-19T02:03:19.948Z",
"dateUpdated": "2024-09-25T14:26:07.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4982 (GCVE-0-2023-4982)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:29
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in librenms/librenms
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:05.086771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:29:44.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:50.054Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"source": {
"advisory": "d3c2dd8a-883c-400e-a1a7-326c3fd37b9e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4982",
"datePublished": "2023-09-15T00:00:50.054Z",
"dateReserved": "2023-09-15T00:00:38.411Z",
"dateUpdated": "2024-09-20T17:29:44.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4981 (GCVE-0-2023-4981)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:46.835095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:03.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.509Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"source": {
"advisory": "1f014494-49a9-4bf0-8d43-a675498b9609",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4981",
"datePublished": "2023-09-15T00:00:42.509Z",
"dateReserved": "2023-09-15T00:00:38.085Z",
"dateUpdated": "2024-09-20T17:30:03.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4980 (GCVE-0-2023-4980)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Generic in librenms/librenms
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:54.740007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:20.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.319Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"source": {
"advisory": "470b9b13-b7fe-4b3f-a186-fdc5dc193976",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4980",
"datePublished": "2023-09-15T00:00:42.319Z",
"dateReserved": "2023-09-15T00:00:37.783Z",
"dateUpdated": "2024-09-20T17:30:20.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4979 (GCVE-0-2023-4979)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:31
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in librenms/librenms
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:14.824343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:31:14.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.484Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"source": {
"advisory": "e67f8f5d-4048-404f-9b86-cb6b8719b77f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4979",
"datePublished": "2023-09-15T00:00:19.484Z",
"dateReserved": "2023-09-15T00:00:07.096Z",
"dateUpdated": "2024-09-20T17:31:14.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4978 (GCVE-0-2023-4978)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:04.449641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:37.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.517Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"source": {
"advisory": "cefd9295-2053-4e6e-a130-7e1f845728f4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4978",
"datePublished": "2023-09-15T00:00:19.517Z",
"dateReserved": "2023-09-15T00:00:06.950Z",
"dateUpdated": "2024-09-20T17:30:37.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4977 (GCVE-0-2023-4977)
Vulnerability from nvd – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:32
VLAI
EPSS
VEX
Title
Code Injection in librenms/librenms
Summary
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:32:02.031115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:32:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.430Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"source": {
"advisory": "3db8a1a4-ca2d-45df-be18-a959ebf82fbc",
"discovery": "EXTERNAL"
},
"title": "Code Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4977",
"datePublished": "2023-09-15T00:00:19.430Z",
"dateReserved": "2023-09-15T00:00:06.848Z",
"dateUpdated": "2024-09-20T17:32:15.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4347 (GCVE-0-2023-4347)
Vulnerability from nvd – Published: 2023-08-15 00:00 – Updated: 2024-10-03 13:41
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in librenms/librenms
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.8.0
(custom)
|
|
| librenms | librenms |
Affected:
0 , < 23.8.0
(custom)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4347",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:39:38.399299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:41:01.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T00:00:19.923Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"source": {
"advisory": "1f78c6e1-2923-46c5-9376-4cc5a8f1152f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4347",
"datePublished": "2023-08-15T00:00:19.923Z",
"dateReserved": "2023-08-15T00:00:06.680Z",
"dateUpdated": "2024-10-03T13:41:01.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4070 (GCVE-0-2022-4070)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-14 18:16
VLAI
EPSS
VEX
Title
Insufficient Session Expiration in librenms/librenms
Summary
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4070",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:14:00.753976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:16:21.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"source": {
"advisory": "72d426bb-b56e-4534-88ba-0d11381b0775",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4070",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:16:21.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4069 (GCVE-0-2022-4069)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-24 20:10
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Generic in librenms/librenms
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:10:44.061510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:10:56.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5"
},
{
"url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7"
}
],
"source": {
"advisory": "a9925d98-dac4-4c3c-835a-d93aeecfb2c5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4069",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:10:56.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4068 (GCVE-0-2022-4068)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-25 18:59
VLAI
EPSS
VEX
Title
Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
Summary
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T18:58:11.047285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T18:59:04.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin\u0027s account."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"source": {
"advisory": "becfecc4-22a6-4f94-bf83-d6030b625fdc",
"discovery": "EXTERNAL"
},
"title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4068",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-25T18:59:04.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4067 (GCVE-0-2022-4067)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-28 19:56
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in librenms/librenms
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T19:56:31.566828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T19:56:44.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72"
},
{
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
}
],
"source": {
"advisory": "3ca7023e-d95c-423f-9e9a-222a67a8ee72",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4067",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-28T19:56:44.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3562 (GCVE-0-2022-3562)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-28 18:08
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in librenms/librenms
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3562",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:08:34.355672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:08:57.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657"
},
{
"url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645"
}
],
"source": {
"advisory": "bb9f76db-1314-44ae-9ccc-2b69679aa657",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3562",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-28T18:08:57.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3561 (GCVE-0-2022-3561)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-29 20:00
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Generic in librenms/librenms
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T19:59:59.989635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:00:14.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"source": {
"advisory": "7389e6eb-4bce-4b97-999d-d3b70d8cee34",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3561",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:00:14.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3525 (GCVE-0-2022-3525)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-24 20:14
VLAI
EPSS
VEX
Title
Deserialization of Untrusted Data in librenms/librenms
Summary
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
Severity
9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3525",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:14:43.579537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:14:53.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"source": {
"advisory": "ed048e8d-87af-440a-a91f-be1e65a40330",
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3525",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-16T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:14:53.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3516 (GCVE-0-2022-3516)
Vulnerability from nvd – Published: 2022-11-20 00:00 – Updated: 2025-04-25 20:38
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in librenms/librenms
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
Severity
5.7 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T20:37:55.793372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T20:38:08.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
},
{
"url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748"
}
],
"source": {
"advisory": "734bb5eb-715c-4b64-bd33-280300a63748",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3516",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-04-25T20:38:08.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5591 (GCVE-0-2023-5591)
Vulnerability from cvelistv5 – Published: 2023-10-16 00:00 – Updated: 2024-09-16 17:17
VLAI
EPSS
VEX
Title
SQL Injection in librenms/librenms
Summary
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
Severity
7.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5591",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:15:06.142802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:17:10.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository librenms/librenms prior to 23.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T00:00:19.280Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"source": {
"advisory": "54813d42-5b93-440e-b9b1-c179d2cbf090",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5591",
"datePublished": "2023-10-16T00:00:19.280Z",
"dateReserved": "2023-10-16T00:00:06.456Z",
"dateUpdated": "2024-09-16T17:17:10.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5060 (GCVE-0-2023-5060)
Vulnerability from cvelistv5 – Published: 2023-09-19 02:03 – Updated: 2024-09-25 14:26
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Severity
8.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.1
(custom)
|
|
| librenms | librenms |
Affected:
0 , < 23.9.1
(custom)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:21:40.055004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:26:07.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T02:03:32.344Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"source": {
"advisory": "01b0917d-f92f-4903-9eca-bcfc46e847e3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5060",
"datePublished": "2023-09-19T02:03:32.344Z",
"dateReserved": "2023-09-19T02:03:19.948Z",
"dateUpdated": "2024-09-25T14:26:07.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4982 (GCVE-0-2023-4982)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:29
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Stored in librenms/librenms
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:05.086771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:29:44.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:50.054Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"source": {
"advisory": "d3c2dd8a-883c-400e-a1a7-326c3fd37b9e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4982",
"datePublished": "2023-09-15T00:00:50.054Z",
"dateReserved": "2023-09-15T00:00:38.411Z",
"dateUpdated": "2024-09-20T17:29:44.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4981 (GCVE-0-2023-4981)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:46.835095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:03.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.509Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"source": {
"advisory": "1f014494-49a9-4bf0-8d43-a675498b9609",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4981",
"datePublished": "2023-09-15T00:00:42.509Z",
"dateReserved": "2023-09-15T00:00:38.085Z",
"dateUpdated": "2024-09-20T17:30:03.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4980 (GCVE-0-2023-4980)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Generic in librenms/librenms
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:54.740007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:20.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.319Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"source": {
"advisory": "470b9b13-b7fe-4b3f-a186-fdc5dc193976",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4980",
"datePublished": "2023-09-15T00:00:42.319Z",
"dateReserved": "2023-09-15T00:00:37.783Z",
"dateUpdated": "2024-09-20T17:30:20.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4978 (GCVE-0-2023-4978)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:30
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - DOM in librenms/librenms
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
Severity
9 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:04.449641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:37.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.517Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"source": {
"advisory": "cefd9295-2053-4e6e-a130-7e1f845728f4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4978",
"datePublished": "2023-09-15T00:00:19.517Z",
"dateReserved": "2023-09-15T00:00:06.950Z",
"dateUpdated": "2024-09-20T17:30:37.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4979 (GCVE-0-2023-4979)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:31
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in librenms/librenms
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:14.824343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:31:14.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.484Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"source": {
"advisory": "e67f8f5d-4048-404f-9b86-cb6b8719b77f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4979",
"datePublished": "2023-09-15T00:00:19.484Z",
"dateReserved": "2023-09-15T00:00:07.096Z",
"dateUpdated": "2024-09-20T17:31:14.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4977 (GCVE-0-2023-4977)
Vulnerability from cvelistv5 – Published: 2023-09-15 00:00 – Updated: 2024-09-20 17:32
VLAI
EPSS
VEX
Title
Code Injection in librenms/librenms
Summary
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
Severity
7.3 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.9.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:32:02.031115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:32:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.430Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"source": {
"advisory": "3db8a1a4-ca2d-45df-be18-a959ebf82fbc",
"discovery": "EXTERNAL"
},
"title": "Code Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4977",
"datePublished": "2023-09-15T00:00:19.430Z",
"dateReserved": "2023-09-15T00:00:06.848Z",
"dateUpdated": "2024-09-20T17:32:15.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4347 (GCVE-0-2023-4347)
Vulnerability from cvelistv5 – Published: 2023-08-15 00:00 – Updated: 2024-10-03 13:41
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Reflected in librenms/librenms
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 23.8.0
(custom)
|
|
| librenms | librenms |
Affected:
0 , < 23.8.0
(custom)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4347",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:39:38.399299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:41:01.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T00:00:19.923Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"source": {
"advisory": "1f78c6e1-2923-46c5-9376-4cc5a8f1152f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4347",
"datePublished": "2023-08-15T00:00:19.923Z",
"dateReserved": "2023-08-15T00:00:06.680Z",
"dateUpdated": "2024-10-03T13:41:01.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4070 (GCVE-0-2022-4070)
Vulnerability from cvelistv5 – Published: 2022-11-20 00:00 – Updated: 2025-04-14 18:16
VLAI
EPSS
VEX
Title
Insufficient Session Expiration in librenms/librenms
Summary
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-613 - Insufficient Session Expiration
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4070",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:14:00.753976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:16:21.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"source": {
"advisory": "72d426bb-b56e-4534-88ba-0d11381b0775",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4070",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:16:21.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3561 (GCVE-0-2022-3561)
Vulnerability from cvelistv5 – Published: 2022-11-20 00:00 – Updated: 2025-04-29 20:00
VLAI
EPSS
VEX
Title
Cross-site Scripting (XSS) - Generic in librenms/librenms
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T19:59:59.989635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:00:14.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"source": {
"advisory": "7389e6eb-4bce-4b97-999d-d3b70d8cee34",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3561",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:00:14.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3525 (GCVE-0-2022-3525)
Vulnerability from cvelistv5 – Published: 2022-11-20 00:00 – Updated: 2025-04-24 20:14
VLAI
EPSS
VEX
Title
Deserialization of Untrusted Data in librenms/librenms
Summary
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
Severity
9 (Critical)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3525",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:14:43.579537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:14:53.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"source": {
"advisory": "ed048e8d-87af-440a-a91f-be1e65a40330",
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3525",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-16T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:14:53.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4068 (GCVE-0-2022-4068)
Vulnerability from cvelistv5 – Published: 2022-11-20 00:00 – Updated: 2025-04-25 18:59
VLAI
EPSS
VEX
Title
Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
Summary
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
Severity
7.6 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| librenms | librenms/librenms |
Affected:
unspecified , < 22.10.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T18:58:11.047285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T18:59:04.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin\u0027s account."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"source": {
"advisory": "becfecc4-22a6-4f94-bf83-d6030b625fdc",
"discovery": "EXTERNAL"
},
"title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4068",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-25T18:59:04.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}