Stored XSS Vulnerability in LibreNMS Network Monitoring System
CVE-2024-50352

5.4MEDIUM

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-50352?

LibreNMS, an open-source network monitoring system, contains a stored cross-site scripting vulnerability that affects the 'Services' section within the Device Overview page. This issue allows authenticated users to inject arbitrary JavaScript via the 'name' parameter when adding a service to a device. If exploited, it can lead to the execution of the malicious script within the context of other users' sessions, posing a risk to their accounts and enabling unauthorized actions. Users are advised to upgrade to version 24.10.0 or later to mitigate this threat.

References

https://github.com/librenms/librenms/security/advisories/...

https://github.com/librenms/librenms/commit/b4af778ca42c5...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024

Librenms

What is CVE-2024-50352?

References

CVSS V3.1

Timeline