CVE-2025-62411

Medium CVSS: 5.5

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.

Vendor

Librenms

Product

Librenms

CWE

CWE-79

Yayın Tarihi

2025-10-16 18:15:39

Güncelleme

2025-10-23 12:31:17

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Librenms MEDIUM Librenms 2025

Referanslar

https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450 https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w

Benzer Kayıtlar

Medium

CVE-2026-26992

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the port gro…

Medium

CVE-2026-26991

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. In versions 26.1.1 and below, the device g…

Medium

CVE-2026-27016

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 24.10.0 through 26.1.1 are vulner…

Medium

CVE-2026-26987

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are vulnerable…

Critical

CVE-2026-26988

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below contain an SQL…

Medium

CVE-2026-26989

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Versions 25.12.0 and below are affected by…