Tony Murray

50 exploits Active since Jul 2020
CVE-2023-4977 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - Code Injection
Code Injection in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-4978 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - DOM-Based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 6.1
CVE-2023-4979 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-4980 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - Cross-Site Scripting
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-4981 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - DOM-Based Cross-Site Scripting
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-4982 WRITEUP MEDIUM WRITEUP
librenms < 23.9.0 - Stored Cross-Site Scripting
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.
CVSS 5.4
CVE-2023-5060 WRITEUP MEDIUM WRITEUP
GitHub librenms/librenms <23.9.1 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
CVSS 6.1
CVE-2023-5591 WRITEUP MEDIUM WRITEUP
librenms/librenms < 23.10.0 - SQL Injection
SQL Injection in GitHub repository librenms/librenms prior to 23.10.0.
CVSS 6.5
CVE-2024-32461 WRITEUP HIGH WRITEUP
LibreNMS < 24.4.0 - Authenticated SQL Injection via Search Package Parameter
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A SQL injection vulnerability in POST /search/search=packages in LibreNMS prior to version 24.4.0 allows a user with global read privileges to execute SQL commands via the package parameter. With this vulnerability, an attacker can exploit a SQL injection time based vulnerability to extract all data from the database, such as administrator credentials. Version 24.4.0 contains a patch for the vulnerability.
CVSS 7.1
CVE-2024-32479 WRITEUP HIGH WRITEUP
LibreNMS < 24.4.0 - Stored Cross-Site Scripting via Service Template Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the `Service` template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.
CVSS 7.1
CVE-2024-47523 WRITEUP HIGH WRITEUP
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting in Alert Transports Details Section
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section (which contains multiple fields depending on which transport is selected at that moment). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
CVSS 7.5
CVE-2024-47524 WRITEUP HIGH WRITEUP
LibreNMS < 24.9.0 - Stored Cross-Site Scripting in Device Group Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.
CVSS 7.2
CVE-2024-47525 WRITEUP HIGH WRITEUP
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Alert Rules Title Field
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
CVSS 7.5
CVE-2024-47527 WRITEUP HIGH WRITEUP
LibreNMS < 24.9.0 - Authenticated Stored Cross-Site Scripting via Device Name Hostname Parameter
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
CVSS 7.5
CVE-2024-47528 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.9.0 - Stored Cross-Site Scripting via Custom Map Background SVG Upload
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.
CVSS 4.8
CVE-2024-49758 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Notes
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.
CVSS 4.8
CVE-2024-50351 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.10.0 - Reflected Cross-Site Scripting via Device Logs Section Parameter
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the "report_this()" function. This vulnerability is fixed in 24.10.0.
CVSS 4.8
CVE-2024-50355 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Device Display Name
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0.
CVSS 4.8
CVE-2024-51497 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Custom OID Unit Parameter
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the "unit" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
CVSS 4.8
CVE-2024-52526 WRITEUP MEDIUM WRITEUP
LibreNMS < 24.10.0 - Authenticated Stored Cross-Site Scripting via Service Descr Parameter
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
CVSS 4.8
CVE-2025-54138 WRITEUP HIGH WRITEUP
LibreNMS < 25.7.0 - Remote File Inclusion via ajax_form.php Type Parameter
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. LibreNMS versions 25.6.0 and below contain an architectural vulnerability in the ajax_form.php endpoint that permits Remote File Inclusion based on user-controlled POST input. The application directly uses the type parameter to dynamically include .inc.php files from the trusted path includes/html/forms/, without validation or allowlisting. This pattern introduces a latent Remote Code Execution (RCE) vector if an attacker can stage a file in this include path — for example, via symlink, development misconfiguration, or chained vulnerabilities. This is fixed in version 25.7.0.
CVSS 7.5
CVE-2025-55296 WRITEUP MEDIUM WRITEUP
LibreNMS < 25.8.0 - Stored Cross-Site Scripting in Alert Template Creation
librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (<= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.
CVSS 5.5
CVE-2025-62365 WRITEUP MEDIUM WRITEUP
LibreNMS < 25.7.0 - Reflected Cross-Site Scripting via report_this Function
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function was incorrectly use in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.
CVSS 6.1
CVE-2025-62411 WRITEUP MEDIUM WRITEUP
LibreNMS <= 25.8.0 - Stored Cross-Site Scripting in Alert Transports Management
LibreNMS is a community-based GPL-licensed network monitoring system. LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser. This vulnerability is fixed in 25.10.0.
CVSS 5.5
CVE-2025-62412 WRITEUP LOW WRITEUP
LibreNMS < 25.10.0 - Stored Cross-Site Scripting in Alert Rule Name
LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts > Alert Rules page is not properly sanitized, and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.
CVSS 3.8