CVE-2024-52526

Published Nov 15, 2024

Last updated 2 days ago

CVSS medium 4.8

Overview

Description
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.8
Impact score
2.7
Exploitability score
1.7
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-79

Social media

Hype score
Not currently trending

  1. CVE-2024-52526 LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page… https://t.co/PchwBhNt76

    @CVEnew

    15 Nov 2024

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References