Lucene search
Veracode Vulnerability DatabaseVERACODE:38142HistoryNov 21, 2022 - 3:06 p.m.
Cross-Site Scripting (XSS)
2022-11-2115:06:16
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
19.5%
librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists in notifications.inc.php due to lack of escaping in title which allows an attacker to inject and execute malicious javascript.
| CPE | Name | Operator | Version |
|---|---|---|---|
| librenms/librenms | le | 22.9.0 | |
| librenms/librenms | le | 22.9.0 |
References
github.com/advisories/GHSA-qch4-jmf8-xvp7
github.com/librenms/librenms/blob/master/includes/html/pages/notifications.inc.php#L87
github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
github.com/librenms/librenms/pull/14457
huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72
huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72/
Related
huntr
huntr
Stored Cross-Site Scripting (XSS)
2022-09-21 18:16:25
cve
cve
CVE-2022-4067
2022-11-20 05:15:11
github
github
Cross-site Scripting in librenms/librenms
2022-11-20 06:30:16
osv
osv
Cross-site Scripting in librenms/librenms
2022-11-20 06:30:16
CVE-2022-4067
2022-11-20 05:15:11
cvelist
cvelist
CVE-2022-4067 Cross-site Scripting (XSS) - Stored in librenms/librenms
2022-11-20 00:00:00
nvd
nvd
CVE-2022-4067
2022-11-20 05:15:11
cnvd
cnvd
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2022-81232)
2022-11-22 00:00:00
prion
prion
Cross site scripting
2022-11-20 05:15:00