CVE-2024-47528

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Oct 1, 2024
Updated: Oct 2, 2024
CWE ID 434
CWE ID 116
CWE ID 79

Summary

CVE-2024-47528 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the LibreNMS network monitoring system, which allows users with administrative privileges to upload SVG files containing malicious payloads. This vulnerability can be exploited when an admin sets a background for a custom map, potentially compromising system integrity and allowing attackers to execute scripts in the context of other users' sessions. The issue has been addressed in version 24.9.0 of LibreNMS, and organizations are advised to upgrade to this version or later to mitigate the risk. The vulnerability has a medium severity rating with an exploitability score of 2.8, indicating that user interaction is required for exploitation but that the impact could still be significant if successfully executed. Failure to remediate this vulnerability may expose organizations to attacks that could lead to unauthorized access or data leakage.
