Cross-site Scripting (XSS) - Generic in librenms/librenms
CVE-2023-4980

8.8HIGH

Key Information:

Vendor: Librenms
Status: Librenms/librenms
Vendor: CVE Published:; 15 September 2023

What is CVE-2023-4980?

A Cross-Site Scripting (XSS) vulnerability exists in the LibreNMS platform, allowing attackers to inject malicious scripts into web pages viewed by users. This challenge arises in versions prior to 23.9.0, where improper handling of user input enables potential exploitation. Users remain susceptible to sensitive data exposure and redirection threats. Upgrading to the latest version is crucial to mitigate risks associated with this vulnerability and strengthen application security.

Affected Version(s)

librenms/librenms < 23.9.0

References

https://huntr.dev/bounties/470b9b13-b7fe-4b3f-a186-fdc5dc...

https://github.com/librenms/librenms/commit/cfd642be6a1e9...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 15, 2023
Vulnerability Reserved
Sep 15, 2023

Librenms

What is CVE-2023-4980?

Affected Version(s)

References

CVSS V3.1

Timeline