CVSS3: 7.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

EPSS: 0.0004 Low (Percentile: 15.8%)

LibreNMS is vulnerable to Cross-site Scripting (XSS). The Service template name is not properly sanitized and is reflected in the delete button's onclick event, which allows malicious JavaScript code to be stored and executed.
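
The context problem described above, as an added PHP example that is not LibreNMS code: the function names, the `delete_template` handler and the sample template name are assumptions made for illustration. It compares raw interpolation into `onclick`, HTML escaping alone, and encoding for the JavaScript string first and the HTML attribute second.

```php
<?php
// Added illustration; all names here are hypothetical, not taken from LibreNMS.

// Flawed pattern: the stored name is concatenated raw into a JS string in onclick.
function deleteButtonRaw(int $id, string $name): string
{
    return '<button onclick="delete_template(' . $id . ", '" . $name . "')\">Delete</button>";
}

// Still flawed: HTML escaping protects the attribute boundary only. The browser
// decodes entities before the handler is compiled, so the quote comes back.
function deleteButtonHtmlOnly(int $id, string $name): string
{
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<button onclick="delete_template(' . $id . ", '" . $escaped . "')\">Delete</button>";
}

// Hardened: encode for the innermost context (JS string literal) first,
// then for the outer context (HTML attribute value).
function deleteButtonEncoded(int $id, string $name): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_THROW_ON_ERROR;
    $handler = 'delete_template(' . $id . ', ' . json_encode($name, $flags) . ')';
    return '<button onclick="'
        . htmlspecialchars($handler, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '">Delete</button>';
}

// Approximates what the JavaScript engine receives: the attribute value as the
// HTML parser delimits it, with character references decoded.
function handlerSource(string $html): string
{
    preg_match('/onclick="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
}

// Constructed sample: a harmless name that contains both quote characters.
$name = 'Bob\'s "web" check';

foreach (['deleteButtonRaw', 'deleteButtonHtmlOnly', 'deleteButtonEncoded'] as $render) {
    $html = $render(7, $name);
    echo $render, PHP_EOL, '  markup : ', $html, PHP_EOL,
         '  handler: ', handlerSource($html), PHP_EOL;
}
```

In the first two variants the quote inside the name ends the attribute or the JavaScript string early; only the third keeps the whole name inside one string literal. Moving the name into a `data-` attribute and binding the click handler from a script avoids the nested context altogether.
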
Name | Operator | Version |
---|---|---|
librenms/librenms | le | 24.3.0 |

github.com/advisories/GHSA-72m9-7c8x-pmmw
github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23
github.com/librenms/librenms/commit/19344f0584d4d6d4526fdf331adc60530e3f685b
github.com/librenms/librenms/pull/15954
github.com/librenms/librenms/security/advisories/GHSA-72m9-7c8x-pmmw