Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improperly Controlled Modification of Dynamically-Determined Object Attributes in librenms/librenms
Vulnerability Description
A user is able to enable their own account if it was disabled by an admin while the user still holds a valid session. Moreover, the username is not properly sanitized in the admin user overview. This enables an XSS attack that enables an attacker with a low privilege user to execute arbitrary JavaScript in the context of an admin's account.
CVSS Information
N/A
Vulnerability Type
CWE-915
Vulnerability Title
LibreNMS 跨站脚本漏洞
Vulnerability Description
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 22.10.0之前版本存在安全漏洞,该漏洞源于如果在用户仍然持有有效会话的情况下被管理员禁用,则用户可以启用自己的帐户,此外管理员用户概览中的用户名未正确清理,这会导致XSS攻击,使具有低权限用户的攻击者能够在管理员帐户的上下文中执行任意JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A