3 matches found
CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqliescaperealstring for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these...
CVE-2019-10670
An issue was discovered in LibreNMS through 1.47. Many of the scripts rely on the function mysqliescaperealstring for filtering data. However, this is particularly ineffective when returning user supplied input in an HTML or a JavaScript context, resulting in unsafe data being injected into these...
CVE-2019-10670
CVE-2019-10670 affects LibreNMS (up to at least 1.47) due to improper filtering in several scripts using mysqli_escape_real_string, which is ineffective for user input in HTML/JavaScript contexts. This can lead to attacker-controlled JavaScript execution in the affected web interface (notably in ...