CVE-2025-55296

Medium CVSS: 5.5

librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.

Vendor

Librenms

Product

Librenms

CWE

CWE-79

Yayın Tarihi

2025-08-18 18:15:39

Güncelleme

2025-09-10 14:23:14

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Librenms MEDIUM Librenms 2025

Referanslar

https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958 https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99

Benzer Kayıtlar

Medium

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port gro…

Medium

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device g…

Medium

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulner…

Medium

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable…

Critical

CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL…

Medium

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by…