{
  "affected": [
    {
      "ranges": [
        {
          "events": [
            {
              "introduced": "14bb598f7a48a9ef334424b8093ac68b66ec6559"
            },
            {
              "fixed": "7393c0337c12166b3a95485a9e805b4c9a88239f"
            }
          ],
          "repo": "https://github.com/librenms/librenms",
          "type": "GIT"
        }
      ]
    }
  ],
  "aliases": [
    "GHSA-6g2v-66ch-6xmh"
  ],
  "database_specific": {
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
      "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62412.json"
  },
  "details": "LibreNMS is a community-based GPL-licensed network monitoring system. The alert rule name in the Alerts \u003e Alert Rules page is not properly sanitized and can be used to inject HTML code. This vulnerability is fixed in 25.10.0.",
  "id": "CVE-2025-62412",
  "modified": "2026-04-01T23:07:49.777976466Z",
  "published": "2025-10-16T17:54:09.256Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/62xxx/CVE-2025-62412.json"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-6g2v-66ch-6xmh"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62412"
    },
    {
      "type": "FIX",
      "url": "https://github.com/librenms/librenms/commit/dccdf6769976a974d70f06a7ce8d5a846b29db6f"
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "LibreNMS alert-rules Cross-Site Scripting Vulnerability"
}