Russian Vulnerability Scanner Database

Back to List

CVE-2025-23200

Scores

EPSS

0.000none0.0%
0%20%40%60%80%100%

Percentile: 0.0%

CVSS

5.4medium3.x
0246810

CVSS Score: 5.4/10

All CVSS Scores

CVSS 3.x
5.4

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Description

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: ajax_form.php -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

anchore_overridesnvd

CWEs

CWE-79

Vulnerable Software (2)

Type: Configuration

Operating System:

Trait: 
{  "children": [    {      "cpe_match": [        {          "cpe23uri": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:php:*:*",          "versionEndExcluding": "24.11.0"        }      ],      "negat...

Source: anchore_overrides

Type: Configuration

Vendor: librenms

Product: librenms

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",      "versionEndExcluding": "24.11.0",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd