Stored Cross-Site Scripting Vulnerability in LibreNMS by LibreNMS
CVE-2024-53457

Currently unrated

Key Information:

Vendor: LibreNMS
Status: LibreNMS
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-53457?

A stored cross-site scripting (XSS) vulnerability exists in LibreNMS, specifically within the Device Settings section. This flaw allows attackers to inject arbitrary web scripts or HTML through a crafted payload into the Display Name parameter, leading to potential exploitation. Successful exploitation of this vulnerability can enable attackers to manipulate user interactions or steal sensitive information.

References

https://github.com/tCu0n9/Stored-XSS-LibreNMS-Display-Nam...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 20, 2024