CVE-2025-47931

Low CVSS: 2.1

LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.

Vendor

Librenms

Product

Librenms

CWE

CWE-79

Yayın Tarihi

2025-05-17 16:15:19

Güncelleme

2025-05-28 13:19:14

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Librenms LOW Librenms 2025

Referanslar

https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284 https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062 https://github.com/librenms/librenms/pull/17603 https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5

Benzer Kayıtlar

Medium

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port gro…

Medium

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device g…

Medium

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulner…

Medium

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable…

Critical

CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL…

Medium

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by…