Stored Cross-Site Scripting Vulnerability in LibreNMS Network Monitoring System
CVE-2024-51497

5.4MEDIUM

Key Information:

Vendor: Librenms
Status: Librenms
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-51497?

LibreNMS, an open-source network monitoring solution, is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability found in the 'Custom OID' tab. This flaw allows authenticated users to inject arbitrary JavaScript code via the 'unit' parameter while creating a new OID. As a result, malicious scripts can be executed in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized activities. Users are strongly encouraged to upgrade to version 24.10.0 or later to mitigate this risk.

References

https://github.com/librenms/librenms/security/advisories/...

https://github.com/librenms/librenms/commit/42b156e42a381...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024

Librenms

What is CVE-2024-51497?

References

CVSS V3.1

Timeline