CVE-2018-18478: Cross-site Scripting
(updated )
Persistent Cross-Site Scripting (XSS) issues in LibreNMS allow remote attackers to inject arbitrary web script or HTML via the dashboard_name
parameter in the /ajax_form.php
resource, related to html/includes/forms/add-dashboard.inc.php
, html/includes/forms/delete-dashboard.inc.php
, and html/includes/forms/edit-dashboard.inc.php.
References
Detect and mitigate CVE-2018-18478 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →