LibreNMS DC-2024-49764 (Critical)

2024-11-20

LibreNMS, an open-source network monitoring system, is vulnerable to XSS attacks. An attacker can inject malicious code through the “hostname” parameter when creating a new device. This code can steal user cookies and redirect them to attacker-controlled sites. This vulnerability is fixed in version 24.10.0.

Vulnerability Details:

Platform: LibreNMS
Version: All versions before 24.10.0
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Critical
Date: November 15, 2024 (published)

What Undercode Says:

LibreNMS users should update to version 24.10.0 immediately to address this critical vulnerability. This vulnerability allows attackers to steal user credentials and hijack sessions. Administrators should also be aware of phishing attempts that may try to leverage this vulnerability.
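After updating, it is worth checking whether any device hostnames stored earlier carry markup. The following is an added example, not LibreNMS code: it assumes device hostnames are expected to be DNS names or IP literals and runs over a constructed `(device_id, hostname)` list rather than a real LibreNMS export.

```python
import html
import ipaddress
import re

# Allowlist applied first: hostname/IP characters only. This also rejects IPv6
# zone IDs ("%..."), which ipaddress would otherwise accept with arbitrary text.
_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")
# One RFC 1123 label: 1-63 chars, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_host(value: str) -> bool:
    """True if value is an IPv4/IPv6 literal or an RFC 1123 hostname."""
    if not _ALLOWED.fullmatch(value):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    name = value[:-1] if value.endswith(".") else value  # allow a trailing root dot
    if not name or len(name) > 253:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def audit_hostnames(devices):
    """Return (device_id, escaped_hostname) for each stored value that fails validation."""
    findings = []
    for device_id, hostname in devices:
        if not is_valid_host(hostname):
            # Escape before reporting so the audit output cannot itself render markup.
            findings.append((device_id, html.escape(hostname, quote=True)))
    return findings


# Constructed sample inventory (not real LibreNMS data).
SAMPLE_DEVICES = [
    (1, "core-sw01.example.net"),
    (2, "192.0.2.10"),
    (3, "2001:db8::1"),
    (4, "<script>alert(1)</script>"),
    (5, 'edge01"><b>x'),
    (6, "-bad-.example.net"),
]

if __name__ == "__main__":
    for device_id, shown in audit_hostnames(SAMPLE_DEVICES):
        print(f"device {device_id}: suspicious hostname {shown}")
```

The check is deliberately strict, so a flagged entry (for example a name containing an underscore) means "review this value", not "confirmed injection".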

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
