CNNVD-202510-2310 Information
CNNVD ID
CNNVD-202510-2310
Related CVE
- CNNVD Published: 2025-10-16
Description (Chinese)
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 25.8.0及之前版本存在安全漏洞,该漏洞源于Alert Transports管理功能中对Transport name字段输入验证和输出编码不足,可能导致存储型跨站脚本攻击。
Description (English)
LibreNMS is an open-source network monitoring system based on PHP and MySQL for the LibreNMS community. The system has features such as custom alerts, automatic discovery of the network environment and automatic updating. LibreNMS 25.8.0 and previous versions contain a security loophole, which stems from the insufficient authentication and output encoding of the Transport name field in the Albert Transports management function, which may result in a storage-type cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LibreNMS
Published
2025-10-16
Last Modified
2026-02-24
References
https://github.com/librenms/librenms/security/advisories/GHSA-frc6-pwgr-c28w https://github.com/librenms/librenms/commit/706a77085f4d5964f7de9444208ef707e1f79450 https://access.redhat.com/security/cve/cve-2025-62411
Patch
https://github.com/librenms/librenms/releases
Share on: