CVE-2023-48295 MEDIUM

CVE-2023-48295: Cross-site Scripting at Device groups Deletion feature in LibreNMS

Vendor Librenms

Product librenms

Weakness CWE-79 · XSS

Published November 17, 2023

Last update August 10, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

November 17, 2023 CVE published

August 10, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-48295 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

CVE-2023-48295: Cross-site Scripting at Device groups Deletion feature in LibreNMS

01Description

02Disclosure timeline

03References

04Related CVE