CVE-2024-56144
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2024-56144 is a stored Cross-Site Scripting (XSS) vulnerability affecting versions of the LibreNMS network monitoring system up to 24.11.0. The issue lies in the `display` parameter of the `/device/$DEVICE_ID/edit` endpoint. Successful exploitation lets an attacker inject malicious scripts that execute immediately when a user interacts with or views the affected page. Consequences may include unauthorized actions or data exposure. Users are urged to upgrade to the patched version 24.12.0. There are currently no known workarounds for this vulnerability.
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS