CVE-2023-48295: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
(updated )
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit faf66035ea
which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
- github.com/advisories/GHSA-8phr-637g-pxrg
- github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php
- github.com/librenms/librenms/commit/faf66035ea1f4c1c4f34559b9d0ed40ee4a19f90
- github.com/librenms/librenms/security/advisories/GHSA-8phr-637g-pxrg
- nvd.nist.gov/vuln/detail/CVE-2023-48295
Detect and mitigate CVE-2023-48295 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →