Stored XSS Vulnerability in LibreNMS Network Monitoring System
CVE-2024-50352

5.4MEDIUM

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-50352?

LibreNMS, an open-source network monitoring system, contains a stored cross-site scripting vulnerability that affects the 'Services' section within the Device Overview page. This issue allows authenticated users to inject arbitrary JavaScript via the 'name' parameter when adding a service to a device. If exploited, it can lead to the execution of the malicious script within the context of other users' sessions, posing a risk to their accounts and enabling unauthorized actions. Users are advised to upgrade to version 24.10.0 or later to mitigate this threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/librenms/librenms/security/advisories/...

https://github.com/librenms/librenms/commit/b4af778ca42c5...

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024

JSON

Librenms