Описание
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in report_this function in librenms/includes/functions.php. The report_this function had improper filtering (htmlentities function was incorrectly use in a href environment), which caused the project_issues parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.
Уязвимые конфигурации
Конфигурация 1Версия до 25.7.0 (исключая)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00003
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
github
4 месяца назад
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
EPSS
Процентиль: 0%
0.00003
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79