216.73.216.197

CVE-2024-49754

· Published 15/11/2024 16:15 · Modified 20/11/2024 15:02

Labels: CVE-2024-49754 2024-11-15CVE-2024-49754CWE-79[email protected]

Essential information

Published
15/11/2024 16:15
Modified
20/11/2024 15:02
Author
Creator
CVSS
7.5 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

CVSS metrics

Description

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the "token" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
librenms / librenms cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

References