GHSA-f8x4-f32r-w556: PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references

GHSA-cx95-q6gx-w4qp: SAK-50571 Sakai Kernel users created with type roleview can login as a normal user

GHSA-pf5v-pqfv-x8jj: OpenCanary Executes Commands From Potentially Writable Config File

GHSA-qh8g-58pp-2wxh: Eclipse Jetty URI parsing of invalid authority

GHSA-g8m5-722r-8whq: Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.

**LibreNMS stored Cross-site Scripting via Schedule Maintenance \`Title\` parameter**

Moderate severity GitHub Reviewed Published Sep 18, 2022 • Updated Sep 20, 2022

Headline

GHSA-3jh2-wmv7-m932: LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter

Related news

ghsa: Latest News