CVE-2019-15230

Source
https://cve.org/CVERecord?id=CVE-2019-15230
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15230.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-15230
Published
2019-08-28T17:15:09.747Z
Modified
2026-07-08T15:55:26.192719Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type
GIT
Repo
https://github.com/librenms/librenms
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:librenms:librenms:1.54:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.54"
        },
        {
            "last_affected": "1.54"
        }
    ]
}

Affected versions

1.*
1.54

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15230.json"