Insufficient Session Expiration in GitHub repository librenms/librenms prior to 22.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.