LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.

Affected Packages

Packagist librenms/librenms

Affected versions: 0 (fixed in 22.9.0)

Related CVEs

CVE-2022-3231

Key Information

GHSA ID

GHSA-3jh2-wmv7-m932

Published

September 18, 2022 12:00 AM

Last Modified

September 22, 2022 5:28 PM

CVSS Score

5.0 /10

Primary Ecosystem

Packagist

Primary Package

librenms/librenms

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.