CVE-2023-48295 Information
Description
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit faf66035ea which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Reference
https://github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg https://github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90 https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21
Share on: