CVE-2024-32479

2024-04-2222:15:08

CWE-79

[email protected]

web.nvd.nist.gov

librenms

open-source

php

mysql

snmp

network monitoring

stored cross-site scripting

vulnerability

sanitization

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.8%

JSON

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

Affected configurations

Vulners

Node

librenmslibrenmsRange<24.4.0

VendorProductVersionCPE
librenmslibrenms*cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
librenms	librenms	*	cpe:2.3:a:librenms:librenms::::::::

CNA Affected

[
  {
    "vendor": "librenms",
    "product": "librenms",
    "versions": [
      {
        "version": "< 24.4.0",
        "status": "affected"
      }
    ]
  }
]