LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
References
Link | Resource |
---|---|
https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss | Exploit Third Party Advisory |
Configurations
Information
Published : 2019-08-28 10:15
Updated : 2019-08-30 12:15
NVD link : CVE-2019-15230
Mitre link : CVE-2019-15230
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
librenms
- librenms