CVE-2024-49758: LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

November 15, 2024

The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.

References

github.com/advisories/GHSA-c86q-rj37-8f85
github.com/librenms/librenms
github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8
github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85
nvd.nist.gov/vuln/detail/CVE-2024-49758

Detect and mitigate CVE-2024-49758 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →