Lucene search

[email protected]CVE-2023-4978

HistorySep 15, 2023 - 1:15 a.m.

CVE-2023-4978

2023-09-1501:15:08

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-4978

cross-site scripting

xss

librenms

nvd

github

dom

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.6%

JSON

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.

CPENameOperatorVersion
librenms:librenmslibrenmslt23.9.0
librenms:librenmslibrenmseq1.62.2
librenms:librenmslibrenmseq1.65.1
librenms:librenmslibrenmseq1.68
librenms:librenmslibrenmseq1.32.01
librenms:librenmslibrenmseq1.62
librenms:librenmslibrenmseq1.65
librenms:librenmslibrenmseq1.29
librenms:librenmslibrenmseq1.25
librenms:librenmslibrenmseq1.57

CPE	Name	Operator	Version
librenms:librenms	librenms	lt	23.9.0
librenms:librenms	librenms	eq	1.62.2
librenms:librenms	librenms	eq	1.65.1
librenms:librenms	librenms	eq	1.68
librenms:librenms	librenms	eq	1.32.01
librenms:librenms	librenms	eq	1.62
librenms:librenms	librenms	eq	1.65
librenms:librenms	librenms	eq	1.29
librenms:librenms	librenms	eq	1.25
librenms:librenms	librenms	eq	1.57

Rows per page:

1-10 of 1151

References

github.com/librenms/librenms/commit/e4c46a45364cb944b94abf9b83f0558b2c4c2fb7

huntr.dev/bounties/cefd9295-2053-4e6e-a130-7e1f845728f4

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.0005 Low

EPSS

Percentile

16.6%

JSON

Related for CVE-2023-4978

prion1 huntr1 cvelist1 osv2 github1