Lucene search

GitHub_MCVELIST:CVE-2024-32479

HistoryApr 22, 2024 - 10:07 p.m.

CVE-2024-32479 LibreNMS's Improper Sanitization on Service template name leads to Stored XSS

2024-04-2222:07:08

CWE-79

GitHub_M

www.cve.org

librenms

php

mysql

snmp

network monitoring

version 24.4.0

stored cross-site scripting

vulnerability

improper sanitization

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.8%

JSON

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to version 24.4.0, there is improper sanitization on the Service template name, which can lead to stored Cross-site Scripting. Version 24.4.0 fixes this vulnerability.

CNA Affected

[
  {
    "vendor": "librenms",
    "product": "librenms",
    "versions": [
      {
        "version": "< 24.4.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23

github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b

github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

15.8%

JSON

Related for CVELIST:CVE-2024-32479