LibreNMS DC-2024-50351 (Critical)

2024-11-22

This article describes a critical Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2024-50351) in LibreNMS, an open-source network monitoring system.

Vulnerability Details:

Platform: LibreNMS
Version: All versions before 24.10.0
Vulnerability: Reflected XSS
Severity: Critical
Date: November 15, 2024 (Published by NIST)

The vulnerability resides in the “section” parameter of the “logs” tab for devices. An attacker can inject malicious JavaScript code through this parameter. When a user accesses the page with the injected code, the script executes, potentially compromising the user’s session and enabling unauthorized actions.

The issue stems from a lack of proper sanitization within the “report_this()” function. The vulnerability is fixed in LibreNMS version 24.10.0.
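
The pattern described above, as an added example that is not LibreNMS source code: a helper that reflects a request parameter into an error message without encoding, next to a version that encodes at output, with an allowlist check on the parameter in front of both. The function names, the allowlist entries and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration, not LibreNMS code. All names below are hypothetical.

// Hypothetical allowlist of log sections; the real set depends on the application.
const ALLOWED_SECTIONS = ['eventlog', 'syslog'];

// Before: the message is concatenated into HTML as-is, so markup supplied in
// the request parameter becomes part of the page.
function report_unsafe(string $message): string
{
    return '<h2>' . $message . '</h2>';
}

// After: encode for the HTML context at the point of output.
function report_safe(string $message): string
{
    return '<h2>' . htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';
}

// Defense in depth: accept only known section names before they are used anywhere.
function resolve_section(string $section): ?string
{
    return in_array($section, ALLOWED_SECTIONS, true) ? $section : null;
}

// Constructed sample inputs standing in for the "section" request parameter.
$samples = ['eventlog', '"><script>alert(1)</script>'];

foreach ($samples as $raw) {
    if (resolve_section($raw) !== null) {
        echo "accepted section: {$raw}\n";
        continue;
    }
    // Unknown section: the error path is where the raw value gets reflected.
    $msg = 'Section ' . $raw . ' does not exist';
    echo 'unsafe: ' . report_unsafe($msg) . "\n";
    echo 'safe:   ' . report_safe($msg) . "\n";
}
```

Run from the PHP CLI, the unsafe line carries the sample markup through unchanged, while the safe line shows it entity-encoded and therefore inert in an HTML context.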

What Undercode Says:

This critical XSS vulnerability in LibreNMS poses a significant risk to users. Upgrading to version 24.10.0 immediately is crucial to mitigate this risk.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
