CVE-2018-18478: Cross-site Scripting

October 18, 2018 (updated December 4, 2018)

Persistent Cross-Site Scripting (XSS) issues in LibreNMS allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.

References

nvd.nist.gov/vuln/detail/CVE-2018-18478

Code Behaviors & Features

Detect and mitigate CVE-2018-18478 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →