CVE-2024-50350 Information

Description

LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \Port Settings\ page allows authenticated users to inject arbitrary JavaScript through the ame\ parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the \Port Settings\ page is visited after the affected Port Group is added to a device potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.

Reference

https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0