LibreNMS (DC-2024-51494): Critical Stored XSS Vulnerability

2024-11-20

Platform: LibreNMS
Version: Unaffected versions not listed (all versions before 24.10.0 likely vulnerable)
Vulnerability: Stored Cross-Site Scripting (XSS)
Severity: Critical
Date: November 15, 2024 (published)

LibreNMS, a network monitoring system, is vulnerable to stored XSS through the “descr” parameter on the “Port Settings” page. An authenticated attacker can inject malicious code into this parameter, and the code executes when the page is visited. This compromises user sessions and grants unauthorized access. The vulnerability is fixed in version 24.10.0.
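The difference between rendering a stored description as-is and encoding it at output time, plus a simple audit for descriptions that already contain markup, as an added example that is not LibreNMS code or part of the original advisory. The row layout `(port_id, descr)`, the function names and the sample values are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample rows (port_id, descr); not real LibreNMS data. The row
# layout is an assumption for illustration, not the project's schema.
SAMPLE_PORTS = [
    (1, "Uplink to core-sw1"),
    (2, "<script>alert(1)</script>"),
    (3, 'cust-42 "><img src=x onerror=alert(1)>'),
    (4, "VLAN 10 < 20 Mbps cap"),
]

# Markup that has no place in a plain-text port description.
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z][^>]*>"      # any HTML tag, opening or closing
    r"|\bon[a-z]+\s*="           # inline event-handler attribute
    r"|javascript\s*:",          # javascript: URI scheme
    re.IGNORECASE,
)

def render_unsafe(descr):
    """Vulnerable pattern: stored value concatenated into HTML as-is."""
    return "<td>" + descr + "</td>"

def render_safe(descr):
    """Hardened pattern: HTML-encode the stored value at output time."""
    return "<td>" + html.escape(descr, quote=True) + "</td>"

def audit(rows):
    """Return port ids whose stored description contains markup."""
    return [pid for pid, descr in rows if SUSPICIOUS.search(descr)]

if __name__ == "__main__":
    for pid in audit(SAMPLE_PORTS):
        print("review port", pid)
    print(render_safe(SAMPLE_PORTS[1][1]))
```

Running the audit over an export of stored descriptions shows which entries to review after upgrading; a legitimate description that merely contains `<` (row 4) is not flagged.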

What Undercode Says:

LibreNMS users should update to version 24.10.0 immediately to address this critical vulnerability. Until then, exercise caution when editing device port settings.

References:

Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
