Overview
- Description
- LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0.
- Source
- security-advisories@github.com
- NVD status
- Received
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 4.8
- Impact score
- 2.7
- Exploitability score
- 1.7
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- security-advisories@github.com
- CWE-79
Social media
- Hype score
- Not currently trending
CVE-2024-50355 Cross-Site Scripting Vulnerability in LibreNMS Before Version 24.10.0 LibreNMS is a network monitoring system that uses PHP/MySQL/SNMP and is open-source. Admin users can change a device's Display ... https://t.co/Dlj06taFzd
@VulmonFeeds
15 Nov 2024
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50355 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not proper… https://t.co/9tItC0MNV0
@CVEnew
15 Nov 2024
252 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes