Cross-site scripting in LibreNMS - CVE-2024-47525
Published: October 1, 2024 / Updated: May 5, 2026
LibreNMS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary JavaScript in the context of other users' sessions.
The vulnerability exists due to cross-site scripting in print-alert-rules.php when creating an alert rule with crafted input in the Title field. A remote privileged user can submit a specially crafted Title value to execute arbitrary JavaScript in the context of other users' sessions.
User interaction is required when another user loads the affected page.