CVE-2024-51495 Information

Description

LibreNMS is an open-source PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \overwrite_ip\ parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.

Reference

https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8 https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0