LibreNMS Stored Cross-Site Scripting Vulnerability in Alert Rule API

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Alert Rule API of LibreNMS versions prior to 25.12.0. The alert rule name is not properly sanitized when rules are created or updated via the API, which allows HTML code to be injected into the stored name. This vulnerability has been patched in version 25.12.0.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the alert rules.

Reproduction

To reproduce this vulnerability, create or update an alert rule through the LibreNMS API. Include an unescaped HTML payload, such as a script tag, in the rule name. Once the rule is saved, navigate to the Alerts > Alert Rule page. The injected script will be executed when the page is loaded, demonstrating the cross-site scripting vulnerability.

Remediation

Users can update to LibreNMS version 25.12.0 or later, where this vulnerability has been patched.
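
One way to audit stored alert rule names for injected markup, as an added example that is not LibreNMS code. It assumes the rule listing has already been fetched from the API as JSON with `id` and `name` fields; the sample response below is constructed.

```python
import html
from html.parser import HTMLParser

# Constructed sample shaped like a rule listing (assumed fields: id, name).
SAMPLE_RESPONSE = {
    "status": "ok",
    "rules": [
        {"id": 1, "name": "Device Down (no ICMP response)"},
        {"id": 2, "name": "CPU load < 5 & falling"},
        {"id": 3, "name": "<script>alert(1)</script>"},
        {"id": 4, "name": "Port <b>errors</b>"},
    ],
}


class _TagCollector(HTMLParser):
    """Records every element start tag an HTML parser sees in the text."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def markup_in(name):
    """Return the element names that `name` would introduce if rendered raw."""
    collector = _TagCollector()
    collector.feed(name)
    collector.close()
    return collector.tags


def audit_rule_names(response):
    """Flag rules whose name parses as HTML; include the escaped display form."""
    findings = []
    for rule in response.get("rules", []):
        name = str(rule.get("name", ""))
        tags = markup_in(name)
        if tags:
            safe = html.escape(name, quote=True)
            findings.append({"id": rule.get("id"), "tags": tags, "escaped": safe})
    return findings


if __name__ == "__main__":
    for f in audit_rule_names(SAMPLE_RESPONSE):
        print(f"rule {f['id']}: tags={f['tags']} safe_display={f['escaped']}")
```

Parsing the name instead of searching for `<` keeps names such as "CPU load < 5 & falling" out of the findings while still flagging any name that contains an element.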

Added: Dec 23, 2025, 12:17 AM
Updated: Dec 23, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 1.7
exploitability: 5.9
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.