CVE-2024-51496

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 79

Summary

CVE-2024-51496 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The flaw is located in the "metric" parameter of the "/wireless" and "/health" endpoints. An attacker can exploit this issue by injecting malicious JavaScript into that parameter; the code then executes when an unsuspecting user accesses the page with the manipulated parameter. This vulnerability poses a significant risk, as it can result in the compromise of user sessions and enable unauthorized actions. LibreNMS has released a patch in version 24.10.0 to address this issue.
