CVE-2024-50355: LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints

November 15, 2024

The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.

References

github.com/advisories/GHSA-4m5r-w2rq-q54q
github.com/librenms/librenms
github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976
github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q
nvd.nist.gov/vuln/detail/CVE-2024-50355

Code Behaviors & Features

Detect and mitigate CVE-2024-50355 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →