Lucene search
K

61 matches found

Snyk
Snyk
added 2024/10/01 8:31 p.m.2 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Title field in the "Alert Rules" feature. Details Cross-site scripting or XSS is a...

7.5CVSS5.3AI score0.26569EPSS
Exploits1References2
OSV
OSV
added 2024/10/01 8:31 p.m.9 views

GHSA-J2J9-7PR6-XQWV LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...

7.5CVSS5.7AI score0.26569EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2024/10/01 8:31 p.m.20 views

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature

Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...

7.5CVSS5AI score0.26569EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/01 8:27 p.m.8 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

7.5CVSS5.5AI score0.26569EPSS
Exploits1References3
CVE
CVE
added 2024/10/01 8:27 p.m.54 views

CVE-2024-47525

CVE-2024-47525 is a Stored XSS in LibreNMS affecting the Alert Rules feature, where input in the Title field may inject arbitrary JavaScript. The root cause is inadequate sanitization of the rule title in the server-side rendering path (print-alert-rules.php). Impact described across sources incl...

7.5CVSS5.6AI score0.26569EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/10/01 8:27 p.m.18 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

7.5CVSS5.4AI score0.26569EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/10/01 8:27 p.m.34 views

CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...

7.5CVSS0.26569EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.7 views

PT-2024-7962 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This can lead to the execution of...

8CVSS5AI score0.26569EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2024/09/28 3:14 a.m.2 views

SUSE CVE-2024-8118

In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

4.7CVSS9.3AI score0.00579EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/09/26 9:9 p.m.19 views

CVE-2024-8118

A flaw was found in Grafana. The wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...

4.7CVSS6.7AI score0.00579EPSS
Exploits0References4
NVD
NVD
added 2024/09/17 8:15 p.m.32 views

CVE-2024-45606

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

7.1CVSS0.00358EPSS
Exploits0References3
OSV
OSV
added 2024/09/17 7:43 p.m.16 views

CVE-2024-45606 Improper authorization on muting of alert rules in sentry

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

7.1CVSS6.6AI score0.00358EPSS
Exploits0References5
Cvelist
Cvelist
added 2024/09/17 7:43 p.m.39 views

CVE-2024-45606 Improper authorization on muting of alert rules in sentry

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

7.1CVSS0.00358EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/09/17 7:43 p.m.12 views

CVE-2024-45606 Improper authorization on muting of alert rules in sentry

Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...

7.1CVSS7AI score0.00358EPSS
Exploits0References3
CVE
CVE
added 2024/09/17 7:43 p.m.62 views

CVE-2024-45606

CVE-2024-45606 affects Sentry (self-hosted and SaaS). An authenticated user could mute alert rules across arbitrary organizations and projects using a known rule ID without membership or project permissions due to improper authorization checks. A fix was issued to scope authorization correctly; a...

7.1CVSS5.7AI score0.00358EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2024/09/17 5:55 p.m.24 views

Sentry improperly authorizes muting of alert rules

Impact An authenticated user can mute alert rules from arbitrary organizations and projects given a known given rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by...

7.1CVSS5.8AI score0.00358EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2024/09/17 12:0 a.m.4 views

Sentry 安全漏洞

Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. A security vulnerability exists in Sentry versions 23.4.0 and earlier and 24.8.0 and earlier, which stems from the fact that an authenticated user can use a known rule ID to mute the alert rul...

7.1CVSS6.4AI score0.00358EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.4 views

Elastic Kibana Security Vulnerability

Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.6.3 through 8.13.4, which stems from a...

4.3CVSS6.7AI score0.00372EPSS
Exploits0References2
CNVD
CNVD
added 2022/03/04 12:0 a.m.25 views

Elasticsearch Kibana authorization issue vulnerability

Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...

4.3CVSS2.9AI score0.00544EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/03/03 12:0 a.m.20 views

Elastic Stack Kibana 安全漏洞

Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...

4.3CVSS5.6AI score0.00544EPSS
Exploits0References2
Rows per page
Query Builder