{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14bb598f7a48a9ef334424b8093ac68b66ec6559"
            }
          ],
          "repo": "https://github.com/librenms/librenms",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-vxq6-8cwm-wj99"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55296.json"
  },
  "details": "librenms is a community-based GPL-licensed network monitoring system. A stored Cross-Site Scripting (XSS) vulnerability exists in LibreNMS (\u003c= 25.6.0) in the Alert Template creation feature. This allows a user with the admin role to inject malicious JavaScript, which will be executed when the template is rendered, potentially compromising other admin accounts. This vulnerability is fixed in 25.8.0.",
  "id": "CVE-2025-55296",
  "modified": "2026-04-01T23:09:52.325765488Z",
  "published": "2025-08-18T17:27:52.662Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/55xxx/CVE-2025-55296.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-vxq6-8cwm-wj99"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55296"
    },
    {
      "type": "FIX",
      "url": "https://github.com/librenms/librenms/commit/8ade3d827d317f5ac4b336617aafff865f825958"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LibreNMS allows stored XSS in Alert Template name field"
}