Vulnerabilites related to librenms - librenms/librenms
CVE-2022-0576 (GCVE-0-2022-0576)
Vulnerability from cvelistv5
Published
2022-02-13 23:40
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.223Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:00:18",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "114ba055-a2f0-4db9-aafb-95df944ba177",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0576",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.1.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177"
},
{
"name": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "114ba055-a2f0-4db9-aafb-95df944ba177",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0576",
"datePublished": "2022-02-13T23:40:09",
"dateReserved": "2022-02-12T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.223Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0772 (GCVE-0-2022-0772)
Vulnerability from cvelistv5
Published
2022-02-27 21:25
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.2.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:03.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-27T21:25:10",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281"
}
],
"source": {
"advisory": "faae29bd-c43a-468d-8af6-2b6aa4d40f09",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0772",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.2.2"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.2.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09"
},
{
"name": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281"
}
]
},
"source": {
"advisory": "faae29bd-c43a-468d-8af6-2b6aa4d40f09",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0772",
"datePublished": "2022-02-27T21:25:11",
"dateReserved": "2022-02-27T00:00:00",
"dateUpdated": "2024-08-02T23:40:03.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4981 (GCVE-0-2023-4981)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4981",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:46.835095Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:03.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.509Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a675498b9609"
},
{
"url": "https://github.com/librenms/librenms/commit/03c4da62c8acde0a82acbb4a445ae866ebfdd3f7"
}
],
"source": {
"advisory": "1f014494-49a9-4bf0-8d43-a675498b9609",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4981",
"datePublished": "2023-09-15T00:00:42.509Z",
"dateReserved": "2023-09-15T00:00:38.085Z",
"dateUpdated": "2024-09-20T17:30:03.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4067 (GCVE-0-2022-4067)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-28 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4067",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T19:56:31.566828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T19:56:44.425Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72"
},
{
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
}
],
"source": {
"advisory": "3ca7023e-d95c-423f-9e9a-222a67a8ee72",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4067",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-28T19:56:44.425Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3525 (GCVE-0-2022-3525)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-24 20:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3525",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:14:43.579537Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:14:53.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ed048e8d-87af-440a-a91f-be1e65a40330"
},
{
"url": "https://github.com/librenms/librenms/commit/ae3925b09ad3c5d0f7a9d5a26ae2f2f778834948"
}
],
"source": {
"advisory": "ed048e8d-87af-440a-a91f-be1e65a40330",
"discovery": "EXTERNAL"
},
"title": "Deserialization of Untrusted Data in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3525",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-16T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:14:53.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3561 (GCVE-0-2022-3561)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-29 20:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:01.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3561",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T19:59:59.989635Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T20:00:14.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://huntr.com/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/7389e6eb-4bce-4b97-999d-d3b70d8cee34"
},
{
"url": "https://github.com/librenms/librenms/commit/d86cbcd96d684e4de8dfa50b4490e4e02782d242"
}
],
"source": {
"advisory": "7389e6eb-4bce-4b97-999d-d3b70d8cee34",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3561",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-29T20:00:14.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4070 (GCVE-0-2022-4070)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-14 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.387Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4070",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T18:14:00.753976Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T18:16:21.737Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613 Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/72d426bb-b56e-4534-88ba-0d11381b0775"
},
{
"url": "https://github.com/librenms/librenms/commit/ce8e5f3d056829bfa7a845f9dc2757e21e419ddc"
}
],
"source": {
"advisory": "72d426bb-b56e-4534-88ba-0d11381b0775",
"discovery": "EXTERNAL"
},
"title": "Insufficient Session Expiration in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4070",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-14T18:16:21.737Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4980 (GCVE-0-2023-4980)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.787Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:54.740007Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:20.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:42.319Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc193976"
},
{
"url": "https://github.com/librenms/librenms/commit/cfd642be6a1e988453bd63069d17db3664e7de97"
}
],
"source": {
"advisory": "470b9b13-b7fe-4b3f-a186-fdc5dc193976",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4980",
"datePublished": "2023-09-15T00:00:42.319Z",
"dateReserved": "2023-09-15T00:00:37.783Z",
"dateUpdated": "2024-09-20T17:30:20.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0589 (GCVE-0-2022-0589)
Vulnerability from cvelistv5
Published
2022-02-15 08:10
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.1.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.193Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.1.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:00:26",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "d943d95c-076f-441a-ab21-cbf6b15f6768",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0589",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.1.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.1.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/d943d95c-076f-441a-ab21-cbf6b15f6768"
},
{
"name": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/4c9d4eefd8064a0285f9718ef38f5617d7f9d6fa"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "d943d95c-076f-441a-ab21-cbf6b15f6768",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0589",
"datePublished": "2022-02-15T08:10:10",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.193Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4347 (GCVE-0-2023-4347)
Vulnerability from cvelistv5
Published
2023-08-15 00:00
Modified
2024-10-03 13:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.8.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:24:04.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4347",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:39:38.399299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T13:41:01.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.8.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-15T00:00:19.923Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f"
},
{
"url": "https://github.com/librenms/librenms/commit/91c57a1ee54631e071b6b0c952d99c8ee892e824"
}
],
"source": {
"advisory": "1f78c6e1-2923-46c5-9376-4cc5a8f1152f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4347",
"datePublished": "2023-08-15T00:00:19.923Z",
"dateReserved": "2023-08-15T00:00:06.680Z",
"dateUpdated": "2024-10-03T13:41:01.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5591 (GCVE-0-2023-5591)
Vulnerability from cvelistv5
Published
2023-10-16 00:00
Modified
2024-09-16 17:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command
Summary
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:07:32.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5591",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T17:15:06.142802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T17:17:10.125Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " SQL Injection in GitHub repository librenms/librenms prior to 23.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T00:00:19.280Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/54813d42-5b93-440e-b9b1-c179d2cbf090"
},
{
"url": "https://github.com/librenms/librenms/commit/908aef65967ce6184bdc587fd105660d5d55129e"
}
],
"source": {
"advisory": "54813d42-5b93-440e-b9b1-c179d2cbf090",
"discovery": "EXTERNAL"
},
"title": "SQL Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5591",
"datePublished": "2023-10-16T00:00:19.280Z",
"dateReserved": "2023-10-16T00:00:06.456Z",
"dateUpdated": "2024-09-16T17:17:10.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4979 (GCVE-0-2023-4979)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.524Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:14.824343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:31:14.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.484Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/e67f8f5d-4048-404f-9b86-cb6b8719b77f"
},
{
"url": "https://github.com/librenms/librenms/commit/49d66fa31b43acef02eaa09ee9af15fe7e16cd03"
}
],
"source": {
"advisory": "e67f8f5d-4048-404f-9b86-cb6b8719b77f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Reflected in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4979",
"datePublished": "2023-09-15T00:00:19.484Z",
"dateReserved": "2023-09-15T00:00:07.096Z",
"dateUpdated": "2024-09-20T17:31:14.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4977 (GCVE-0-2023-4977)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-94 - Improper Control of Generation of Code
Summary
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4977",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:32:02.031115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:32:15.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": " Code Injection in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.430Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/3db8a1a4-ca2d-45df-be18-a959ebf82fbc"
},
{
"url": "https://github.com/librenms/librenms/commit/1194934d31c795a3f6877a96ffaa34b1f475bdd0"
}
],
"source": {
"advisory": "3db8a1a4-ca2d-45df-be18-a959ebf82fbc",
"discovery": "EXTERNAL"
},
"title": "Code Injection in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4977",
"datePublished": "2023-09-15T00:00:19.430Z",
"dateReserved": "2023-09-15T00:00:06.848Z",
"dateUpdated": "2024-09-20T17:32:15.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3231 (GCVE-0-2022-3231)
Vulnerability from cvelistv5
Published
2022-09-17 17:00
Modified
2024-08-03 01:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-17T17:00:21",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8"
}
],
"source": {
"advisory": "bcb6ee68-1452-4fdb-932a-f1031d10984f",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-3231",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.9.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/bcb6ee68-1452-4fdb-932a-f1031d10984f"
},
{
"name": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/08050020861230ff96a6507b309cc172a9e70af8"
}
]
},
"source": {
"advisory": "bcb6ee68-1452-4fdb-932a-f1031d10984f",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3231",
"datePublished": "2022-09-17T17:00:21",
"dateReserved": "2022-09-16T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0575 (GCVE-0-2022-0575)
Vulnerability from cvelistv5
Published
2022-02-13 23:40
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:00:16",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "13951f51-deed-4a3d-8275-52306cc5a87d",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0575",
"STATE": "PUBLIC",
"TITLE": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/13951f51-deed-4a3d-8275-52306cc5a87d"
},
{
"name": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/4f86915866703e2fcd1e34b3fc1181ec2ad78e54"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "13951f51-deed-4a3d-8275-52306cc5a87d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0575",
"datePublished": "2022-02-13T23:40:15",
"dateReserved": "2022-02-12T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3562 (GCVE-0-2022-3562)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-28 18:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3562",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T18:08:34.355672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T18:08:57.905Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/bb9f76db-1314-44ae-9ccc-2b69679aa657"
},
{
"url": "https://github.com/librenms/librenms/commit/43cb72549d90e338f902b359a83c23d3cb5a2645"
}
],
"source": {
"advisory": "bb9f76db-1314-44ae-9ccc-2b69679aa657",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3562",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-17T00:00:00.000Z",
"dateUpdated": "2025-04-28T18:08:57.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3516 (GCVE-0-2022-3516)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-25 20:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:14:02.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
},
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3516",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T20:37:55.793372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T20:38:08.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c"
},
{
"url": "https://huntr.dev/bounties/734bb5eb-715c-4b64-bd33-280300a63748"
}
],
"source": {
"advisory": "734bb5eb-715c-4b64-bd33-280300a63748",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-3516",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-10-14T00:00:00.000Z",
"dateUpdated": "2025-04-25T20:38:08.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4978 (GCVE-0-2023-4978)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:29:04.449641Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:30:37.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:19.517Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4"
},
{
"url": "https://github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7"
}
],
"source": {
"advisory": "cefd9295-2053-4e6e-a130-7e1f845728f4",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4978",
"datePublished": "2023-09-15T00:00:19.517Z",
"dateReserved": "2023-09-15T00:00:06.950Z",
"dateUpdated": "2024-09-20T17:30:37.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0580 (GCVE-0-2022-0580)
Vulnerability from cvelistv5
Published
2022-02-14 22:55
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIncorrect Authorization in Packagist librenms/librenms prior to 22.2.0.\u003c/p\u003e"
}
],
"value": "Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:45:33.791Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "2494106c-7703-4558-bb1f-1eae59d264e3",
"discovery": "EXTERNAL"
},
"title": "Incorrect Authorization in librenms/librenms",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0580",
"STATE": "PUBLIC",
"TITLE": "Improper Access Control in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Access Control in Packagist librenms/librenms prior to 22.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2494106c-7703-4558-bb1f-1eae59d264e3"
},
{
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "2494106c-7703-4558-bb1f-1eae59d264e3",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0580",
"datePublished": "2022-02-14T22:55:09",
"dateReserved": "2022-02-13T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0587 (GCVE-0-2022-0587)
Vulnerability from cvelistv5
Published
2022-02-15 07:45
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization in Packagist librenms/librenms prior to 22.2.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285 Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-21T10:00:22",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "0c7c9ecd-33ac-4865-b05b-447ced735469",
"discovery": "EXTERNAL"
},
"title": "Improper Authorization in librenms/librenms",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0587",
"STATE": "PUBLIC",
"TITLE": "Improper Authorization in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper Authorization in Packagist librenms/librenms prior to 22.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285 Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"name": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/0c7c9ecd-33ac-4865-b05b-447ced735469"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "0c7c9ecd-33ac-4865-b05b-447ced735469",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0587",
"datePublished": "2022-02-15T07:45:09",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.211Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-4982 (GCVE-0-2023-4982)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-20 17:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-4982",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T17:28:05.086771Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T17:29:44.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T00:00:50.054Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/d3c2dd8a-883c-400e-a1a7-326c3fd37b9e"
},
{
"url": "https://github.com/librenms/librenms/commit/2c5960631c49f7414f61b6d4dcd305b07da05769"
}
],
"source": {
"advisory": "d3c2dd8a-883c-400e-a1a7-326c3fd37b9e",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Stored in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-4982",
"datePublished": "2023-09-15T00:00:50.054Z",
"dateReserved": "2023-09-15T00:00:38.411Z",
"dateUpdated": "2024-09-20T17:29:44.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4069 (GCVE-0-2022-4069)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-24 20:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.414Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4069",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T20:10:44.061510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-24T20:10:56.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/a9925d98-dac4-4c3c-835a-d93aeecfb2c5"
},
{
"url": "https://github.com/librenms/librenms/commit/8383376f1355812e09ec0c2af67f6d46891b7ba7"
}
],
"source": {
"advisory": "a9925d98-dac4-4c3c-835a-d93aeecfb2c5",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - Generic in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4069",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-24T20:10:56.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0588 (GCVE-0-2022-0588)
Vulnerability from cvelistv5
Published
2022-02-15 08:05
Modified
2024-08-02 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
Missing Authorization in Packagist librenms/librenms prior to 22.2.0.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:32:46.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.2.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eMissing Authorization in Packagist librenms/librenms prior to 22.2.0.\u003c/p\u003e"
}
],
"value": "Missing Authorization in Packagist librenms/librenms prior to 22.2.0.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-08-02T08:45:03.846Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
],
"source": {
"advisory": "caab3310-0d70-4c8a-8768-956f8dd3326d",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in librenms/librenms",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0588",
"STATE": "PUBLIC",
"TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in librenms/librenms"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "librenms/librenms",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "22.2.0"
}
]
}
}
]
},
"vendor_name": "librenms"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in Packagist librenms/librenms prior to 22.2.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7",
"refsource": "MISC",
"url": "https://github.com/librenms/librenms/commit/95970af78e4c899744a715766d744deef8c505f7"
},
{
"name": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/caab3310-0d70-4c8a-8768-956f8dd3326d"
},
{
"name": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html",
"refsource": "MISC",
"url": "https://notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html"
}
]
},
"source": {
"advisory": "caab3310-0d70-4c8a-8768-956f8dd3326d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0588",
"datePublished": "2022-02-15T08:05:21",
"dateReserved": "2022-02-14T00:00:00",
"dateUpdated": "2024-08-02T23:32:46.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-4068 (GCVE-0-2022-4068)
Vulnerability from cvelistv5
Published
2022-11-20 00:00
Modified
2025-04-25 18:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
Summary
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 22.10.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:27:54.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-4068",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T18:58:11.047285Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T18:59:04.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "22.10.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin\u0027s account."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-915",
"description": "CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-20T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc"
},
{
"url": "https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1"
}
],
"source": {
"advisory": "becfecc4-22a6-4f94-bf83-d6030b625fdc",
"discovery": "EXTERNAL"
},
"title": "Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-4068",
"datePublished": "2022-11-20T00:00:00.000Z",
"dateReserved": "2022-11-20T00:00:00.000Z",
"dateUpdated": "2025-04-25T18:59:04.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5060 (GCVE-0-2023-5060)
Vulnerability from cvelistv5
Published
2023-09-19 02:03
Modified
2024-09-25 14:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| librenms | librenms/librenms |
Version: unspecified < 23.9.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5060",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T14:21:40.055004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T14:26:07.506Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "librenms/librenms",
"vendor": "librenms",
"versions": [
{
"lessThan": "23.9.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-19T02:03:32.344Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/01b0917d-f92f-4903-9eca-bcfc46e847e3"
},
{
"url": "https://github.com/librenms/librenms/commit/8fd8d9b06a11060de5dc69588a1a83594a7e6f72"
}
],
"source": {
"advisory": "01b0917d-f92f-4903-9eca-bcfc46e847e3",
"discovery": "EXTERNAL"
},
"title": "Cross-site Scripting (XSS) - DOM in librenms/librenms"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2023-5060",
"datePublished": "2023-09-19T02:03:32.344Z",
"dateReserved": "2023-09-19T02:03:19.948Z",
"dateUpdated": "2024-09-25T14:26:07.506Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}