2024-11-20
LibreNMS, an open-source network monitoring system, is vulnerable to Cross-Site Scripting (XSS) due to improper sanitization of user input in the device display name. An attacker with admin privileges can inject malicious code into the display name, which could be executed by other users when viewing the device information. This vulnerability is fixed in version 24.10.0.
Vulnerability Details:
Platform: LibreNMS
Version: All versions before 24.10.0
Vulnerability: Cross-Site Scripting (XSS)
Severity: Critical
Date: November 15, 2024 (NVD Published Date)
What Undercode Says:
This critical XSS vulnerability in LibreNMS allows attackers to inject malicious code into the device display name. This code can then be executed by other users when viewing device information, potentially leading to account compromise or other attacks. It’s crucial to update to LibreNMS version 24.10.0 or later to mitigate this risk.
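A triage sketch for the advice above, added here as an example and not taken from LibreNMS or the advisory: it checks a version string against the fixed release 24.10.0 and flags stored display names that contain markup characters. The function names, the `(device_id, display_name)` record shape and the sample values are assumptions made up for illustration; how the names are exported from an installation is left to the operator.

```python
import html
import re

FIXED_VERSION = (24, 10, 0)  # first fixed release, per the advisory

def parse_version(text):
    """Parse '24.9.1' or '24.10.0-3-gabc1234' into a tuple of three ints.

    The git-describe style suffix is an assumed input shape; it is ignored.
    """
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def is_affected(version_text):
    """True when the version is older than the fixed release.

    Compared numerically: as plain strings '24.9.1' sorts after '24.10.0',
    which would wrongly report a vulnerable install as patched.
    """
    return parse_version(version_text) < FIXED_VERSION

# Characters that let a value leave HTML text or attribute context when it
# is written to a page without output encoding. An apostrophe in a harmless
# name is also flagged, so findings are for review, not automatic action.
MARKUP_CHARS = re.compile(r"[<>\"'`]")

def audit_display_names(devices):
    """Return one finding per display name that contains markup characters."""
    findings = []
    for device_id, name in devices:
        if name and MARKUP_CHARS.search(name):
            findings.append({
                "device_id": device_id,
                "raw": name,
                # What the browser should receive instead of the raw value.
                "escaped": html.escape(name, quote=True),
            })
    return findings

# Constructed sample records, not real inventory data.
SAMPLE_DEVICES = [
    (1, "core-sw1.example.net"),
    (2, "<b>edge-rtr</b>"),
    (3, 'lab-ap" title="x'),
    (4, None),
]

if __name__ == "__main__":
    print("24.9.1 affected:", is_affected("24.9.1"))
    for finding in audit_display_names(SAMPLE_DEVICES):
        print(finding["device_id"], repr(finding["raw"]), "->", finding["escaped"])
```

A flagged name on a pre-24.10.0 install is worth reviewing alongside who last edited the device, since the advisory says setting the display name requires admin privileges.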
References:
Reported By: Nvd.nist.gov