LibreNMS DC-2024-49758 (Medium)

2024-11-20

Platform: LibreNMS
Version: All versions before 24.10.0
Vulnerability: Stored XSS
Severity: Medium
Date: November 15, 2024

What Undercode Says:

LibreNMS, a popular open-source network monitoring system, is vulnerable to a stored Cross-Site Scripting (XSS) attack (CVE-2024-49758). This vulnerability allows an attacker with admin privileges to inject malicious code into device notes when the ExamplePlugin is enabled. When another user views the device notes, the malicious code can be executed in their browser, potentially compromising their session or stealing data.

Upgrade to LibreNMS version 24.10.0 or later to fix this vulnerability. Additionally, limit admin access and implement strong input validation to minimize the attack surface.
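The following triage script is an added example, not code from the advisory or from LibreNMS. It checks a version string against the fixed release and heuristically flags stored device notes containing markup that would execute if rendered unescaped. The `(device_id, notes)` export format, the function names and the sample rows are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

FIXED = (24, 10, 0)  # advisory: fixed in LibreNMS 24.10.0
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg", "math", "base", "meta", "link", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}

def is_affected(version):
    """True when a dotted version string is older than the fixed release."""
    nums = [int(n) for n in re.findall(r"\d+", version)[:3]]
    return tuple(nums + [0] * (3 - len(nums))) < FIXED

class NoteScanner(HTMLParser):
    """Collects markup that would execute if a note were rendered unescaped."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"active tag <{tag}>")
        for name, value in attrs:
            # Browsers ignore tabs/newlines inside a URL scheme, so strip whitespace first.
            compact = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name} on <{tag}>")
            elif name in URL_ATTRS and compact.startswith(("javascript:", "data:text/html")):
                self.findings.append(f"script URL in {name} on <{tag}>")

def scan_note(note):
    scanner = NoteScanner()
    scanner.feed(note or "")
    scanner.close()
    return scanner.findings

def audit(rows):
    """Map device id -> findings for every note that contains active markup."""
    return {dev: hits for dev, note in rows if (hits := scan_note(note))}

# Constructed sample export: (device_id, notes) pairs, not real data.
SAMPLE_NOTES = [
    (1, "Core switch, rack 4. Contact: noc@example.org"),
    (2, "Replaced PSU <b>2024-09</b>"),
    (3, '<img src=x onerror="/* constructed */">'),
    (4, "uplink < 10G and > 1G"),
    (5, '<a href="java\tscript:void(0)">runbook</a>'),
    (6, '<script src="//cdn.invalid/x.js"></script>'),
]
```

Notes flagged by `audit()` are candidates for manual review; harmless formatting such as `<b>` and plain text containing `<` or `>` are not reported.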

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
