Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in LibreNMS - CVE-2024-47524
Published: October 1, 2024 / Updated: May 5, 2026
LibreNMS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script code in the browser of users viewing a device group detail page.
The vulnerability exists due to improper neutralization of script-related html tags in the device group name field when rendering device group details. A remote privileged user can create a device group with a crafted name to execute arbitrary script code in the browser of users viewing a device group detail page.
The issue is triggered when the crafted device group detail page is viewed.