Stored XSS-LibreNMS-Display Name 2 in librenms

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

LibreNMS 跨站脚本漏洞

LibreNMS是LibreNMS社区的一套基于PHP和MySQL的开源网络监控系统。该系统具有自定义警报、自动发现网络环境和自动更新等特点。 LibreNMS 24.11.0及之前版本存在跨站脚本漏洞，该漏洞源于/device/$DEVICE_ID/edit中的参数display会导致存储型跨站脚本攻击。

N/A

N/A