CVE-2024-51496
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-51496 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The flaw is located in the "metric" parameter of the "/wireless" and "/health" endpoints. An attacker can exploit it by injecting malicious JavaScript into that parameter; the script executes in the browser of an unsuspecting user who accesses the page with the manipulated parameter. This vulnerability poses a significant risk, as it can result in the compromise of user sessions and enable unauthorized actions. LibreNMS has released a patch in version 24.10.0 to address this issue.
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS