CVE-2024-50351

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the "report_this()" function. This vulnerability is fixed in 24.10.0.
Configurations

Configuration 1

cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 23:37

Type: References
  Values Removed: https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf (no tags)
  Values Added: https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf (Patch)
Type: References
  Values Removed: https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w (no tags)
  Values Added: https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w (Exploit, Vendor Advisory)
Type: CPE
  Values Added: cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*
Type: First Time
  Values Added: Librenms librenms; Librenms

18 Nov 2024, 17:11

Type: Summary
  Values Added:
  • (es) LibreNMS is an open-source network monitoring system based on PHP/MySQL/SNMP. A reflected cross-site scripting (XSS) vulnerability in the "section" parameter of the "logs" tab of a device allows attackers to inject arbitrary JavaScript code. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "section" parameter, potentially compromising their session and allowing unauthorized actions. The problem arises from a lack of sanitization in the "report_this()" function. This vulnerability was fixed in 24.10.0.

15 Nov 2024, 16:15

Type: New CVE

Information

Published : 2024-11-15 16:15

Updated : 2024-11-21 23:37


NVD link : CVE-2024-50351

Mitre link : CVE-2024-50351

CVE.ORG link : CVE-2024-50351



Products Affected

librenms

  • librenms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')