CVE-2024-49759: Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
A Stored Cross-Site Scripting (XSS) vulnerability in the “Manage User Access” page allows authenticated users to inject arbitrary JavaScript through the “bill_name” parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the “Bill Access” dropdown in the user’s “Manage Access” page, potentially compromising user sessions and allowing unauthorized actions.
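The pattern behind this class of bug, as an added example that is not LibreNMS source code: a stored `bill_name` is written into a dropdown `<option>` without output encoding, shown beside a hardened version. The function names, array layout and sample rows are hypothetical and constructed for illustration.

```php
<?php
// Illustrative only: not taken from LibreNMS. All names here are hypothetical.

// Constructed sample rows, shaped like records read back from storage.
$bills = [
    ['bill_id' => 1, 'bill_name' => 'Transit uplink'],
    ['bill_id' => 2, 'bill_name' => '</option></select><script>alert(1)</script>'],
];

// Unsafe pattern: the stored value is concatenated straight into markup,
// so any HTML saved in bill_name is parsed by the viewer's browser.
function render_options_unsafe(array $bills): string
{
    $html = '';
    foreach ($bills as $bill) {
        $html .= "<option value='" . $bill['bill_id'] . "'>"
               . $bill['bill_name'] . "</option>\n";
    }
    return $html;
}

// Hardened pattern: cast the id to an integer and HTML-encode the name
// at the point of output, regardless of how it was validated on input.
function render_options_safe(array $bills): string
{
    $html = '';
    foreach ($bills as $bill) {
        $id   = (int) $bill['bill_id'];
        $name = htmlspecialchars(
            (string) $bill['bill_name'],
            ENT_QUOTES | ENT_SUBSTITUTE,
            'UTF-8'
        );
        $html .= "<option value='{$id}'>{$name}</option>\n";
    }
    return $html;
}

echo "--- unsafe ---\n", render_options_unsafe($bills);
echo "--- safe ---\n", render_options_safe($bills);

// Regression check: no raw tag from stored data survives encoding.
if (strpos(render_options_safe($bills), '<script') !== false) {
    throw new RuntimeException('bill_name was not encoded');
}
```

A check like the final one belongs in a regression test for any page that renders user-supplied names, since the injection point (bill creation) and the rendering point (the access dropdown) are on different pages.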