A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.