2024-11-22
This article describes a Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2024-51496) in LibreNMS, an open-source network monitoring system. Attackers can exploit this vulnerability by injecting malicious code through the “metric” parameter in “/wireless” and “/health” endpoints. This code can then be executed when a user accesses the page, potentially compromising their session or allowing unauthorized actions. The vulnerability is fixed in version 24.10.0.
Vulnerability :
Platform: LibreNMS
Version: Not specified
Vulnerability: Reflected XSS (CVE-2024-51496)
Severity: Medium
Date: November 15, 2024 (published)
What Undercode Says:
LibreNMS users should upgrade to version 24.10.0 or later to address this XSS vulnerability. This vulnerability could allow attackers to steal user sessions or perform other malicious actions.
References:
Reported By: Nvd.nist.gov
Undercode AI: https://ai.undercodetesting.com
Image Source:
OpenAI: https://openai.com
Undercode AI DI v2: https://ai.undercode.help