Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.
References
Link | Resource |
---|---|
https://github.com/librenms/librenms/releases/tag/1.44 | Release Notes Third Party Advisory |
https://github.com/librenms/librenms/pull/9171 | Third Party Advisory |
https://github.com/librenms/librenms/issues/9170 | Exploit Third Party Advisory |
https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-10-18 10:29
Updated : 2018-12-04 07:49
NVD link : CVE-2018-18478
Mitre link : CVE-2018-18478
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
librenms
- librenms