Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-q132-6t8v-33h4
Summarylibrenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Aliases
0
alias CVE-2025-23198
1
alias GHSA-pm8j-3v64-92cq
Fixed_packages
0
url pkg:composer/librenms/librenms@24.11.0
purl pkg:composer/librenms/librenms@24.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18g9-2u9c-nbez
1
vulnerability VCID-2gun-mcx6-akcy
2
vulnerability VCID-adhj-ruja-n7gb
3
vulnerability VCID-ae82-tsr6-c3cw
4
vulnerability VCID-cc1u-4ca7-v7he
5
vulnerability VCID-cmqg-e3da-r7cf
6
vulnerability VCID-cntm-etf9-kkbv
7
vulnerability VCID-g8zs-nkxb-hyc4
8
vulnerability VCID-js2a-whr7-dufs
9
vulnerability VCID-k3xn-xjwb-a3en
10
vulnerability VCID-k5z7-q82d-tue6
11
vulnerability VCID-kmqh-r237-a7gu
12
vulnerability VCID-mb8k-971z-myd1
13
vulnerability VCID-rfwn-r567-qben
14
vulnerability VCID-st22-w6hp-tka9
15
vulnerability VCID-uwnc-rpz9-7be2
16
vulnerability VCID-vqdk-y6g3-gugt
17
vulnerability VCID-x6na-j6w4-n7aj
18
vulnerability VCID-x8rp-7y5r-v3eg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.11.0
Affected_packages
0
url pkg:composer/librenms/librenms@24.9.0
purl pkg:composer/librenms/librenms@24.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18g9-2u9c-nbez
1
vulnerability VCID-2gun-mcx6-akcy
2
vulnerability VCID-2zej-x5n6-cqbf
3
vulnerability VCID-3faw-j7vn-hfaz
4
vulnerability VCID-4syp-nckb-9fbw
5
vulnerability VCID-5999-8pth-d7ba
6
vulnerability VCID-7eqy-4u3h-5fa5
7
vulnerability VCID-ae82-tsr6-c3cw
8
vulnerability VCID-byb9-nnem-5bdu
9
vulnerability VCID-c5qg-fsdx-w7eg
10
vulnerability VCID-cc1u-4ca7-v7he
11
vulnerability VCID-cmqg-e3da-r7cf
12
vulnerability VCID-cntm-etf9-kkbv
13
vulnerability VCID-dmsz-ct8c-zuf9
14
vulnerability VCID-e4k8-c86a-ekda
15
vulnerability VCID-eq4t-1cwx-zfh5
16
vulnerability VCID-eyv3-xp88-t7en
17
vulnerability VCID-g8zs-nkxb-hyc4
18
vulnerability VCID-js2a-whr7-dufs
19
vulnerability VCID-k3xn-xjwb-a3en
20
vulnerability VCID-k5z7-q82d-tue6
21
vulnerability VCID-kmqh-r237-a7gu
22
vulnerability VCID-mb8k-971z-myd1
23
vulnerability VCID-nexf-h4db-vkh5
24
vulnerability VCID-q132-6t8v-33h4
25
vulnerability VCID-rfwn-r567-qben
26
vulnerability VCID-st22-w6hp-tka9
27
vulnerability VCID-tdcf-uak3-gfec
28
vulnerability VCID-tq42-r5ny-nbfu
29
vulnerability VCID-u5dh-nt5q-4kh2
30
vulnerability VCID-uwnc-rpz9-7be2
31
vulnerability VCID-vqdk-y6g3-gugt
32
vulnerability VCID-wkpv-dkbj-6ybd
33
vulnerability VCID-x61k-4513-hqew
34
vulnerability VCID-x6na-j6w4-n7aj
35
vulnerability VCID-x8rp-7y5r-v3eg
36
vulnerability VCID-zhac-9svg-4fb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.0
1
url pkg:composer/librenms/librenms@24.9.1
purl pkg:composer/librenms/librenms@24.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18g9-2u9c-nbez
1
vulnerability VCID-2gun-mcx6-akcy
2
vulnerability VCID-2zej-x5n6-cqbf
3
vulnerability VCID-3faw-j7vn-hfaz
4
vulnerability VCID-4syp-nckb-9fbw
5
vulnerability VCID-5999-8pth-d7ba
6
vulnerability VCID-7eqy-4u3h-5fa5
7
vulnerability VCID-ae82-tsr6-c3cw
8
vulnerability VCID-byb9-nnem-5bdu
9
vulnerability VCID-c5qg-fsdx-w7eg
10
vulnerability VCID-cc1u-4ca7-v7he
11
vulnerability VCID-cmqg-e3da-r7cf
12
vulnerability VCID-cntm-etf9-kkbv
13
vulnerability VCID-dmsz-ct8c-zuf9
14
vulnerability VCID-e4k8-c86a-ekda
15
vulnerability VCID-eq4t-1cwx-zfh5
16
vulnerability VCID-eyv3-xp88-t7en
17
vulnerability VCID-g8zs-nkxb-hyc4
18
vulnerability VCID-js2a-whr7-dufs
19
vulnerability VCID-k3xn-xjwb-a3en
20
vulnerability VCID-k5z7-q82d-tue6
21
vulnerability VCID-kmqh-r237-a7gu
22
vulnerability VCID-mb8k-971z-myd1
23
vulnerability VCID-nexf-h4db-vkh5
24
vulnerability VCID-q132-6t8v-33h4
25
vulnerability VCID-rfwn-r567-qben
26
vulnerability VCID-st22-w6hp-tka9
27
vulnerability VCID-tdcf-uak3-gfec
28
vulnerability VCID-tq42-r5ny-nbfu
29
vulnerability VCID-u5dh-nt5q-4kh2
30
vulnerability VCID-uwnc-rpz9-7be2
31
vulnerability VCID-vqdk-y6g3-gugt
32
vulnerability VCID-wkpv-dkbj-6ybd
33
vulnerability VCID-x61k-4513-hqew
34
vulnerability VCID-x6na-j6w4-n7aj
35
vulnerability VCID-x8rp-7y5r-v3eg
36
vulnerability VCID-zhac-9svg-4fb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.9.1
2
url pkg:composer/librenms/librenms@24.10.0
purl pkg:composer/librenms/librenms@24.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18g9-2u9c-nbez
1
vulnerability VCID-2gun-mcx6-akcy
2
vulnerability VCID-7eqy-4u3h-5fa5
3
vulnerability VCID-adhj-ruja-n7gb
4
vulnerability VCID-ae82-tsr6-c3cw
5
vulnerability VCID-cc1u-4ca7-v7he
6
vulnerability VCID-cmqg-e3da-r7cf
7
vulnerability VCID-cntm-etf9-kkbv
8
vulnerability VCID-e4k8-c86a-ekda
9
vulnerability VCID-g8zs-nkxb-hyc4
10
vulnerability VCID-js2a-whr7-dufs
11
vulnerability VCID-k3xn-xjwb-a3en
12
vulnerability VCID-k5z7-q82d-tue6
13
vulnerability VCID-kmqh-r237-a7gu
14
vulnerability VCID-mb8k-971z-myd1
15
vulnerability VCID-nexf-h4db-vkh5
16
vulnerability VCID-q132-6t8v-33h4
17
vulnerability VCID-rfwn-r567-qben
18
vulnerability VCID-st22-w6hp-tka9
19
vulnerability VCID-uwnc-rpz9-7be2
20
vulnerability VCID-vqdk-y6g3-gugt
21
vulnerability VCID-wkpv-dkbj-6ybd
22
vulnerability VCID-x6na-j6w4-n7aj
23
vulnerability VCID-x8rp-7y5r-v3eg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.0
3
url pkg:composer/librenms/librenms@24.10.1
purl pkg:composer/librenms/librenms@24.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-18g9-2u9c-nbez
1
vulnerability VCID-2gun-mcx6-akcy
2
vulnerability VCID-7eqy-4u3h-5fa5
3
vulnerability VCID-adhj-ruja-n7gb
4
vulnerability VCID-ae82-tsr6-c3cw
5
vulnerability VCID-cc1u-4ca7-v7he
6
vulnerability VCID-cmqg-e3da-r7cf
7
vulnerability VCID-cntm-etf9-kkbv
8
vulnerability VCID-e4k8-c86a-ekda
9
vulnerability VCID-g8zs-nkxb-hyc4
10
vulnerability VCID-js2a-whr7-dufs
11
vulnerability VCID-k3xn-xjwb-a3en
12
vulnerability VCID-k5z7-q82d-tue6
13
vulnerability VCID-kmqh-r237-a7gu
14
vulnerability VCID-mb8k-971z-myd1
15
vulnerability VCID-nexf-h4db-vkh5
16
vulnerability VCID-q132-6t8v-33h4
17
vulnerability VCID-rfwn-r567-qben
18
vulnerability VCID-st22-w6hp-tka9
19
vulnerability VCID-uwnc-rpz9-7be2
20
vulnerability VCID-vqdk-y6g3-gugt
21
vulnerability VCID-wkpv-dkbj-6ybd
22
vulnerability VCID-x6na-j6w4-n7aj
23
vulnerability VCID-x8rp-7y5r-v3eg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/librenms/librenms@24.10.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-23198
reference_id
reference_type
scores
0
value 0.00273
scoring_system epss
scoring_elements 0.51005
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-23198
1
reference_url https://github.com/librenms/librenms/commit/afe92dbf4321f107012690d476685603d1ccb013
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/librenms/librenms/commit/afe92dbf4321f107012690d476685603d1ccb013
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-23198
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-23198
3
reference_url https://github.com/advisories/GHSA-pm8j-3v64-92cq
reference_id GHSA-pm8j-3v64-92cq
reference_type
scores
url https://github.com/advisories/GHSA-pm8j-3v64-92cq
4
reference_url https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq
reference_id GHSA-pm8j-3v64-92cq
reference_type
scores
0
value 4.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-17T14:56:12Z/
url https://github.com/librenms/librenms/security/advisories/GHSA-pm8j-3v64-92cq
Weaknesses
0
cwe_id 79
name Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-q132-6t8v-33h4