CVE-2024-50352 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

11月 15, 2024
5:16 pm

CVE ID : CVE-2024-50352

Published : Nov. 15, 2024, 4:15 p.m. | 1 hour ago

Description : LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the “Services” section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the “name” parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users’ sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2024-50352 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

Elvescore.io

Recent Posts

CVE-2024-12962 – Code-Projects Job Recruitment SQL Injection Vulnerability

CVE-2024-54907 – TOTOLINK A3002R Remote Code Execution Vulnerability in boa FormWsc Handler

CVE-2024-12960 – Apache MCA 1.0 SQL Injection Vulnerability

CVE-2024-12961 – Apache MCA Portfolio Management System SQL Injection Vulnerability

CVE-2024-12908 – Delinea Secret Server Regular Expression Injection Vulnerability

CVE-2024-12958 – RPost MCA SQL Injection Vulnerability

CVE-2024-50352 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2024-50352 – LibreNMS Stored Cross-Site Scripting (XSS) Vulnerability