CVE-2024-47527

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 1, 2024

Updated: Oct 7, 2024

CWE ID 79

Summary

CVE-2024-47527 is a stored Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The flaw lies in the "Device Dependencies" feature, allowing authenticated users to inject malicious JavaScript code through the device name or "hostname" parameter. By exploiting this vulnerability, attackers can execute malicious scripts in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This issue has been addressed in the latest version 24.9.0 of LibreNMS.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

LibreNMS

Affected Vendors

LibreNMS

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/y_DIEQ
https://www.cve.org/CVERecord?id=CVE-2024-47527
https://nvd.nist.gov/vuln/detail/CVE-2024-47527

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners