CVE-2024-56144
CVSS 3.1 Score 4.6 of 10 (medium)
Details
Summary
CVE-2024-56144 is a stored cross-site scripting (XSS) vulnerability in LibreNMS, a popular open-source network monitoring system. Versions up to 24.11.0 are affected. An attacker can inject malicious scripts into specific parameters, such as the `display` parameter of `/device/$DEVICE_ID/edit`. The injected script executes when a user views or interacts with the affected page, potentially leading to unauthorized actions or data exposure. To mitigate this risk, LibreNMS users are strongly advised to upgrade to version 24.12.0 as soon as possible. There are currently no known workarounds for this vulnerability.
Affected Products
- LibreNMS
Affected Vendors
- LibreNMS