Описание
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.11.0, a reflected cross-site scripting (XSS) vulnerability was identified in the LibreNMS application at the /maps/nodeimage endpoint. The Image Name parameter is reflected in the HTTP response without proper output encoding or sanitization, allowing an attacker to craft a URL that, when visited by a victim, causes arbitrary JavaScript execution in the victim’s browser. This issue has been patched in version 25.11.0.
Уязвимые конфигурации
Конфигурация 1Версия до 25.11.0 (исключая)
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 0%
0.00002
Низкий
6.2 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.2
github
3 месяца назад
LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name`
EPSS
Процентиль: 0%
0.00002
Низкий
6.2 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79