CVE-2024-52526

Source
https://cve.org/CVERecord?id=CVE-2024-52526
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52526.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52526
Aliases
Published
2024-11-15T15:55:59.180Z
Modified
2026-07-15T01:48:57.446760426Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Details

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the "descr" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52526.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type
GIT
Repo
https://github.com/librenms/librenms
Events
Database specific
{
    "cpe": "cpe:2.3:a:librenms:librenms:24.10.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "24.10.0"
        },
        {
            "last_affected": "24.10.0"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

24.*
24.10.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52526.json"