LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.
History

Wed, 02 Oct 2024 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Librenms
Librenms librenms
CPEs cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
Vendors & Products Librenms
Librenms librenms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 01 Oct 2024 20:45:00 +0000

Type Values Removed Values Added
Description LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.
Title LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-10-01T20:30:08.929Z

Updated: 2024-10-02T13:00:16.115Z

Reserved: 2024-09-25T21:46:10.928Z

Link: CVE-2024-47524

cve-icon Vulnrichment

Updated: 2024-10-02T13:00:11.439Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-01T21:15:07.297

Modified: 2024-12-19T15:43:50.877

Link: CVE-2024-47524

cve-icon Redhat

No data.