Cross-site Scripting (XSS) - DOM in librenms/librenms
CVE-2023-4981

8.8HIGH

Key Information:

Vendor: Librenms
Status: Librenms/librenms
Vendor: CVE Published:; 15 September 2023

What is CVE-2023-4981?

A cross-site scripting vulnerability has been identified in LibreNMS, a network monitoring tool. This flaw occurs within the Document Object Model (DOM) of the application, allowing attackers to inject malicious scripts. If successfully exploited, this vulnerability could enable unauthorized access to user information or manipulate user sessions. Users of LibreNMS versions prior to 23.9.0 are urged to update to the latest version to mitigate potential risks.

Affected Version(s)

librenms/librenms < 23.9.0

References

https://huntr.dev/bounties/1f014494-49a9-4bf0-8d43-a67549...

https://github.com/librenms/librenms/commit/03c4da62c8acd...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 15, 2023
Vulnerability Reserved
Sep 15, 2023

Librenms

What is CVE-2023-4981?

Affected Version(s)

References

CVSS V3.1

Timeline