CVE-2024-49758 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2024-49758

CVE-2024-49758

November 15, 2024

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0.

Related Resources (4)

https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85

https://github.com/librenms/librenms

https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8

https://nvd.nist.gov/vuln/detail/CVE-2024-49758

Do you need more information?

CVSS v4

Base Score:

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

HIGH

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

NONE

CVSS v3

Base Score:

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

EPSS

Base Score:

0.06

Products

Solutions

Resources

Company

Compare

Developer Tools