2024-11-22
This article describes a critical Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2024-50351) in LibreNMS, an open-source network monitoring system.
Vulnerability Details:
Platform: LibreNMS
Version: All versions before 24.10.0
Vulnerability: Reflected XSS
Severity: Critical
Date: November 15, 2024 (Published by NIST)
The vulnerability resides in the “section” parameter of the “logs” tab for devices. An attacker can inject malicious JavaScript code through this parameter. When a user accesses the page with the injected code, the script executes, potentially compromising the user’s session and enabling unauthorized actions.
The issue stems from a lack of proper sanitization within the “report_this()” function. The vulnerability is fixed in LibreNMS version 24.10.0.
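The pattern described above, shown as an added example that is not LibreNMS code: a hypothetical error helper that reflects a request parameter into HTML, next to a hardened form that escapes on output and checks the value against an allowlist. The function names, the section list and the sample request value are assumptions made for illustration.

```php
<?php
// Added illustration; not taken from the LibreNMS code base.
// Function names and the section allowlist are hypothetical.

// Vulnerable shape: the caller-supplied text is concatenated into markup as-is.
function report_unescaped(string $message): string
{
    return '<h2>' . $message . ' Please report this to the developers.</h2>';
}

// Hardened shape: escape at the point of output so the value is rendered as text.
function report_escaped(string $message): string
{
    $safe = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>' . $safe . ' Please report this to the developers.</h2>';
}

// Second layer: accept only section names the page actually serves.
const KNOWN_SECTIONS = ['eventlog', 'syslog', 'graylog']; // hypothetical list

function resolve_section(array $query): ?string
{
    $section = $query['section'] ?? 'eventlog';
    if (!is_string($section)) {
        return null; // "section[]=x" arrives as an array, not a string
    }
    return in_array($section, KNOWN_SECTIONS, true) ? $section : null;
}

// Constructed sample request value: harmless markup where a section name is expected.
$query = ['section' => '<b>injected</b>'];

if (resolve_section($query) === null) {
    $shown = is_string($query['section']) ? $query['section'] : '(non-string value)';
    $msg = 'Unknown section ' . $shown;

    // Before: markup from the request becomes part of the page.
    echo report_unescaped($msg), PHP_EOL;

    // After: the same input is entity-encoded and displayed as plain text.
    echo report_escaped($msg), PHP_EOL;
}
```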
What Undercode Says:
This critical XSS vulnerability in LibreNMS poses a significant risk to users. Upgrading to version 24.10.0 immediately is crucial to mitigate this risk.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com