61 matches found
Cross-site Scripting (XSS)
Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Title field in the "Alert Rules" feature. Details Cross-site scripting or XSS is a...
GHSA-J2J9-7PR6-XQWV LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Summary A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromisin...
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...
CVE-2024-47525
CVE-2024-47525 is a Stored XSS in LibreNMS affecting the Alert Rules feature, where input in the Title field may inject arbitrary JavaScript. The root cause is inadequate sanitization of the rule title in the server-side rendering path (print-alert-rules.php). Impact described across sources incl...
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...
CVE-2024-47525 Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-alert-rules.php
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This vulnerability can lead to the execution of malicious...
PT-2024-7962 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This can lead to the execution of...
SUSE CVE-2024-8118
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
CVE-2024-8118
A flaw was found in Grafana. The wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules...
CVE-2024-45606
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...
CVE-2024-45606 Improper authorization on muting of alert rules in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...
CVE-2024-45606 Improper authorization on muting of alert rules in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...
CVE-2024-45606 Improper authorization on muting of alert rules in sentry
Sentry is a developer-first error tracking and performance monitoring platform. An authenticated user can mute alert rules from arbitrary organizations and projects with a know rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we...
CVE-2024-45606
CVE-2024-45606 affects Sentry (self-hosted and SaaS). An authenticated user could mute alert rules across arbitrary organizations and projects using a known rule ID without membership or project permissions due to improper authorization checks. A fix was issued to scope authorization correctly; a...
Sentry improperly authorizes muting of alert rules
Impact An authenticated user can mute alert rules from arbitrary organizations and projects given a known given rule ID. The user does not need to be a member of the organization or have permissions on the project. In our review, we have identified no instances where alerts have been muted by...
Sentry 安全漏洞
Sentry is a developer-oriented bug tracking and performance monitoring platform from Sentry Open Source. A security vulnerability exists in Sentry versions 23.4.0 and earlier and 24.8.0 and earlier, which stems from the fact that an authenticated user can use a known rule ID to mute the alert rul...
Elastic Kibana Security Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. A free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana versions 8.6.3 through 8.13.4, which stems from a...
Elasticsearch Kibana authorization issue vulnerability
Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...
Elastic Stack Kibana 安全漏洞
Elasticsearch Kibana is an open source, browser-based analysis and search Elasticsearch dashboard tool from the Dutch company Elasticsearch.Elasticsearch Kibana is vulnerable to an authorization issue that could be exploited by an attacker to create new alert rules or override existing rules...