Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LibreNMS Contains a Stored XSS via File Upload
Vulnerability Description
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.
CVSS Information
N/A
Vulnerability Type
对输出编码和转义不恰当
Vulnerability Title
LibreNMS 代码问题漏洞
Vulnerability Description
LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 24.6.0版本存在代码问题漏洞,该漏洞源于允许上传包含跨站脚本载荷的SVG文件。
CVSS Information
N/A
Vulnerability Type
N/A