CVE-2024-51496 MEDIUM

CVE-2024-51496: LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php

Vendor Librenms
Product librenms
Weakness CWE-79 · XSS
Published November 15, 2024
Last update November 15, 2024
View on NVD All CVEs

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the "metric" parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious "metric" parameter, potentially compromising their session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0.

Key dates

02Disclosure timeline

November 15, 2024 CVE published
November 15, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-13445 Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-10189 Anchor Episodes Index (Spotify for Podcasters) <= 2.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via anchor_episodes Shortcode CVE-2025-62125 WordPress Custom Background Changer plugin <= 3.0 - Cross Site Scripting (XSS) vulnerability CVE-2026-25346 WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability CVE-2026-42652 WordPress User Registration plugin <= 5.1.5 - Cross Site Scripting (XSS) vulnerability