CVE-2021-31274

Cross-site Scripting in packagist/librenms/librenms

Identifiers

CVE-2021-31274

Package Slug

packagist/librenms/librenms

Vulnerability

Cross-site Scripting

Description

In LibreNMS, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.

Affected Versions

All versions before 21.3.0

Solution

Upgrade to version 21.3.0 or above.

Last Modified

2021-09-16

source