CVE-2024-49758

Exploit

EPSS 0.33%
Veröffentlicht 15.11.2024 16:15:34
Zuletzt bearbeitet 20.11.2024 14:40:36
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librenms ≫ Librenms Version < 24.10.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.33%	0.247

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8

Patch

https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-49758

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-49758

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-49758

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-49758