Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-91gw-qj5p-y3ed
Vulnerability ID VCID-91gw-qj5p-y3ed
Aliases CVE-2022-4068
GHSA-f3hw-3h74-wr98
Summary A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.50253 https://api.first.org/data/v1/epss?cve=CVE-2022-4068
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-f3hw-3h74-wr98
cvssv3.1 7.6 https://github.com/librenms/librenms
generic_textual HIGH https://github.com/librenms/librenms
cvssv3 7.6 https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
cvssv3.1 7.6 https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
generic_textual HIGH https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
ssvc Track https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
cvssv3 7.6 https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
cvssv3.1 7.6 https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
generic_textual HIGH https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
ssvc Track https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
cvssv3.1 7.6 https://nvd.nist.gov/vuln/detail/CVE-2022-4068
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-4068
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-4068
09a2977adb8bc4b1db116c725d661160c930d3a1 https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
becfecc4-22a6-4f94-bf83-d6030b625fdc https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
CVE-2022-4068 https://nvd.nist.gov/vuln/detail/CVE-2022-4068
GHSA-f3hw-3h74-wr98 https://github.com/advisories/GHSA-f3hw-3h74-wr98
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://github.com/librenms/librenms
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/ Found at https://github.com/librenms/librenms/commit/09a2977adb8bc4b1db116c725d661160c930d3a1
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-25T18:58:11Z/ Found at https://huntr.dev/bounties/becfecc4-22a6-4f94-bf83-d6030b625fdc
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4068
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.97894
EPSS Score 0.50253
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T17:38:55.801427+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/4xxx/CVE-2022-4068.json 38.6.0