CVE-2024-51495 MEDIUM

CVE-2024-51495: LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php

Vendor Librenms

Product librenms

Weakness CWE-79 · XSS

Published November 15, 2024

Last update November 15, 2024

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.

Key dates

02Disclosure timeline

November 15, 2024 CVE published

November 15, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-51495

Related vulnerabilities

04Related CVE

CVE-2026-1570 Simple Bible Verse via Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-23965 WordPress Kopa Nictitate Toolkit plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability CVE-2025-6787 Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-23843 WordPress WP-HR Manager plugin <= 3.1.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-20659 Cisco Prime Infrastructure and Evolved Programmable Network Manager Cross-Site Scripting Vulnerability