CVE-2019-15230

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
References
Link Resource
https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:librenms:librenms:1.54:*:*:*:*:*:*:*

Information

Published : 2019-08-28 10:15

Updated : 2019-08-30 12:15


NVD link : CVE-2019-15230

Mitre link : CVE-2019-15230


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

librenms

  • librenms