CVE-2018-18478 Information

Description

Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource related to html/includes/forms/add-dashboard.inc.php html/includes/forms/delete-dashboard.inc.php and html/includes/forms/edit-dashboard.inc.php.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/librenms/librenms/issues/9170 https://github.com/librenms/librenms/pull/9171 https://github.com/librenms/librenms/releases/tag/1.44 https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1