CVE-2024-52526
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Published Nov 15, 2024
CWE ID 79
Summary
CVE-2024-52526 is a stored Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The issue lies in the "Services" tab of the Device page, where authenticated users can inject malicious JavaScript code through the "descr" parameter when adding a service to a device. This vulnerability could lead to the execution of malicious scripts in other users' sessions, potentially compromising their accounts and enabling unauthorized actions. The vulnerability has been resolved in version 24.10.0.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS