Main Vulnerability Database Vulnerabilities #VU127455

#VU127455 Cross-site scripting in LibreNMS - CVE-2024-50352

Published: November 15, 2024 / Updated: April 24, 2026

Vulnerability identifier: #VU127455

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-50352

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
LibreNMS

Software vendor:
LibreNMS Project

Description

The vulnerability allows a remote user to execute arbitrary JavaScript in other users' sessions.

The vulnerability exists due to improper neutralization of input during web page generation in the Services section of the Device Overview page when processing the "name" parameter during the device edit services workflow. A remote privileged user can submit a specially crafted service name to execute arbitrary JavaScript in other users' sessions.

User interaction is required when another user visits the device overview page, and the issue does not occur through the normal "Add Service" interface.

Remediation

Install security update from vendor's website.

External links

https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg

#VU127455 Cross-site scripting in LibreNMS - CVE-2024-50352

Description

Remediation

External links

Please verify you're human