LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 15 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
First Time appeared Librenms
Librenms librenms
CPEs cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
Vendors & Products Librenms
Librenms librenms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 15 Nov 2024 15:45:00 +0000

Type Values Removed Values Added
Description LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.
Title LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-11-15T16:46:09.054Z

Reserved: 2024-10-22T17:54:40.957Z

Link: CVE-2024-50350

cve-icon Vulnrichment

Updated: 2024-11-15T16:46:03.537Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-15T16:15:35.537

Modified: 2024-11-20T14:39:51.533

Link: CVE-2024-50350

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.