CVE-2024-47526

Опубликовано: 01 окт. 2024

Источник: nvd

CVSS3: 3.5

CVSS3: 2.4

EPSS Низкий

Описание

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.

Ссылки

https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/forms/alert-templates.inc.php#L40
Product
https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c7e/includes/html/modal/alert_template.inc.php#L205
Product
https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff97ef5
Patch
https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52
Exploit
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

Версия до 24.9.0 (исключая)

EPSS

Процентиль: 35%

0.00143

Низкий

3.5 Low

CVSS3

2.4 Low

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gcgp-q2jq-fw52

CVSS3: 3.5

github

больше 1 года назад

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature

EPSS

Процентиль: 35%

0.00143

Низкий

3.5 Low

CVSS3

2.4 Low

CVSS3

Дефекты

CWE-79