CVE-2024-52526

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 15, 2024
CWE ID 79

Summary

CVE-2024-52526 is a stored Cross-Site Scripting (XSS) vulnerability affecting LibreNMS, an open-source network monitoring system. The issue lies in the "Services" tab of the Device page, where authenticated users can inject malicious JavaScript code through the "descr" parameter when adding a service to a device. This vulnerability could lead to the execution of malicious scripts in other users' sessions, potentially compromising their accounts and enabling unauthorized actions. The vulnerability has been resolved in version 24.10.0.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share