Vulnerability DatabaseWS-2023-0335
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2023-0335
Published:May 15, 2026
Updated:May 15, 2026
HTML injection possible via LLDP in librenms prior to 22.11.0.
Affected Packages
librenms/librenms (PHP):
Affected version(s) =dev-revert-14058-tud-zih/22.4-feature_apc_battery_operation_time <dev-revert-15822-feature/compoships
Fix Suggestion:
Update to version dev-revert-15822-feature/compoships
librenms/librenms (PHP):
Affected version(s) =dev-revert-12735-rrd-stdout <dev-pr12764
Fix Suggestion:
Update to version dev-pr12764
librenms/librenms (PHP):
Affected version(s) >=21.1.0 <dev-analysis-22NN39
Fix Suggestion:
Update to version dev-analysis-22NN39
librenms/librenms (PHP):
Affected version(s) >=22.4.1 <22.11.0
Fix Suggestion:
Update to version 22.11.0
librenms/librenms (PHP):
Affected version(s) >=dev-master <dev-refactor-discovery
Fix Suggestion:
Update to version dev-refactor-discovery
librenms/librenms (PHP):
Affected version(s) =dev-dependabot/composer/composer/composer-2.0.13 <dev-dependabot/composer/composer/composer-2.1.9
Fix Suggestion:
Update to version dev-dependabot/composer/composer/composer-2.1.9
librenms/librenms (PHP):
Affected version(s) =dev-shift-73269 <dev-shift-89094
Fix Suggestion:
Update to version dev-shift-89094
librenms/librenms (PHP):
Affected version(s) =dev-analysis-PGoGkL <dev-analysis-QMWAoZ
Fix Suggestion:
Update to version dev-analysis-QMWAoZ
librenms/librenms (PHP):
Affected version(s) =dev-murrant-patch-1 <dev-ottorei-patch-1
Fix Suggestion:
Update to version dev-ottorei-patch-1
librenms/librenms (PHP):
Affected version(s) =dev-analysis-rrGdgx <dev-analysis-vZroON
Fix Suggestion:
Update to version dev-analysis-vZroON
librenms/librenms (PHP):
Affected version(s) =dev-analysis-jlj6gr <dev-dependabot/composer/phpmailer/phpmailer-6.4.1
Fix Suggestion:
Update to version dev-dependabot/composer/phpmailer/phpmailer-6.4.1
librenms/librenms (PHP):
Affected version(s) =dev-dependabot/composer/phpmailer/phpmailer-6.5.0 <dev-dependabot/npm_and_yarn/elliptic-6.5.4
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/elliptic-6.5.4
librenms/librenms (PHP):
Affected version(s) >=22.1.0 <22.4.x-dev
Fix Suggestion:
Update to version 22.4.x-dev
librenms/librenms (PHP):
Affected version(s) =dev-dependabot/composer/rmccue/requests-1.8.0 <dev-dependabot/npm_and_yarn/follow-redirects-1.14.8
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/follow-redirects-1.14.8
librenms/librenms (PHP):
Affected version(s) =dev-analysis-JGbY2Q <dev-analysis-2QrVk9
Fix Suggestion:
Update to version dev-analysis-2QrVk9
librenms/librenms (PHP):
Affected version(s) =dev-dependabot/npm_and_yarn/url-parse-1.5.1 <dev-dependabot/npm_and_yarn/axios-1.7.4
Fix Suggestion:
Update to version dev-dependabot/npm_and_yarn/axios-1.7.4
librenms/librenms (PHP):
Affected version(s) >=dev-php53 <dev-php81
Fix Suggestion:
Update to version dev-php81
librenms/librenms (PHP):
Affected version(s) =dev-travis <dev-vlan-discovery-only
Fix Suggestion:
Update to version dev-vlan-discovery-only
Related Resources (1)
https://github.com/librenms/librenms/commit/41967743f41b4623a738dff25b0ea2eb8a86135c
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.4
Attack Vector
ADJACENT
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
HIGH
Subsequent System Integrity
HIGH
Subsequent System Availability
HIGH
CVSS v3
Base Score:
8.8
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH