3 matches found
GHSA-3JH2-WMV7-M932 LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0...
LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance Title parameter. A patch is available and anticipated to be part of version 22.9.0...
Stored Cross-Site Scripting (XSS) on Schedule Maintenance "Title" parameter
Description Stored Cross-Site Scripting XSS vulnerability in LibreNMS v22.8.0 allows attackers to execute arbitrary javascript code in the browser affected from function of "Schedule Maintenance" in "Title" parameter. Proof of Concept 1 - Click "Alerts" Click "Schedule Maintenance" from the...