Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device-dependencies.inc.php
Vulnerability Description
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the device name ("hostname" parameter). This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. This vulnerability is fixed in 24.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
LibreNMS 跨站脚本漏洞
Vulnerability Description
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 24.7.0版本及之前版本存在跨站脚本漏洞,该漏洞源于允许经过身份验证的用户通过设备名称注入任意JavaScript。攻击者利用该漏洞在其他用户会话的环境中执行恶意代码。
CVSS Information
N/A
Vulnerability Type
N/A