CVE-2024-47528 Information

Oct 02, 2024 cve

Description

LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with dmin\ role can set background for a custom map this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.

Reference

https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb203be

Share on: