CNNVD-202510-1634 Information
CNNVD ID
CNNVD-202510-1634
Related CVE
- CNNVD Published: 2025-10-13
Description (Chinese)
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 25.7.0之前版本存在跨站脚本漏洞,该漏洞源于report_this函数中对project_issues参数过滤不当,可能导致反射型跨站脚本攻击。
Description (English)
LibreNMS is an open-source network monitoring system based on PHP and MySQL for the LibreNMS community. The system has features such as custom alerts, automatic discovery of the network environment and automatic updating. The previous version of LibreNMS 25.7.0 had a cross-site script loophole, which stemmed from the inappropriate filtering of the subject issues parameters in the report this function, which could lead to a reflex-type cross-station script attack.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
LibreNMS
Published
2025-10-13
Last Modified
2026-02-24
References
https://github.com/librenms/librenms/commit/30d3dd7e5f5e22a8c23c9db3ad90a731c005b008 https://github.com/librenms/librenms/security/advisories/GHSA-86rg-8hc8-v82p https://access.redhat.com/security/cve/cve-2025-62365
Patch
https://github.com/librenms/librenms/releases
Share on: