Cross-site scripting in LibreNMS - CVE-2024-32479
Published: April 20, 2024 / Updated: May 5, 2026
LibreNMS
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script in a user's browser.
The vulnerability exists due to cross-site scripting in ServiceTemplateController.php when handling a crafted service template name that is later rendered in the delete button onclick event. A remote user can submit a specially crafted service template name to execute arbitrary script in a user's browser.
User interaction is required when the crafted template is deleted.