CVE-2024-50350
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-50350 is a stored Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The issue is located in the "Port Settings" page, where authenticated users can inject malicious JavaScript code through the "name" parameter when creating a new Port Group. This vulnerability is triggered when the affected Port Group is added to a device, leading to the execution of the injected code upon visiting the "Port Settings" page. The consequences include potential compromise of user sessions and unauthorized actions. The vulnerability has been addressed in version 24.10.0 of LibreNMS.
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS