CVE-2025-62411

Опубликовано: 16 окт. 2025

Источник: nvd

CVSS3: 5.5

CVSS3: 4.8

EPSS Низкий

Описание

LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.

Ссылки

https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450
Patch
https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w
Exploit
Vendor Advisory
https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Версия до 25.10.0 (исключая)

EPSS

Процентиль: 0%

0.00007

Низкий

5.5 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-frc6-pwgr-c28w

CVSS3: 5.5

github

4 месяца назад

LibreNMS has a Stored XSS vulnerability in its Alert Transport name field

EPSS

Процентиль: 0%

0.00007

Низкий

5.5 Medium

CVSS3

4.8 Medium

CVSS3

Дефекты

CWE-79