Stored Cross-Site Scripting Vulnerability in LibreNMS by LibreNMS
CVE-2024-53457

5.4MEDIUM

Key Information:

Vendor: LibreNMS
Status: LibreNMS
Vendor: CVE Published:; 5 December 2024

What is CVE-2024-53457?

A stored cross-site scripting (XSS) vulnerability exists in LibreNMS, specifically within the Device Settings section. This flaw allows attackers to inject arbitrary web scripts or HTML through a crafted payload into the Display Name parameter, leading to potential exploitation. Successful exploitation of this vulnerability can enable attackers to manipulate user interactions or steal sensitive information.

References

https://github.com/tCu0n9/Stored-XSS-LibreNMS-Display-Nam...

EPSS Score

35% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2024
Vulnerability Reserved
Nov 20, 2024

CVE-2024-53457 Data

JSON