CVE-2024-47526

low-risk
Published 2024-10-01

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh.

Do I need to act?

-
0.14% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.5/10 Low
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Librenms

References (4)

Product https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c...
Product https://github.com/librenms/librenms/blob/0e741e365aa974a74aee6b43d1b4b759158a5c...
Patch https://github.com/librenms/librenms/commit/f259edc19b9f0ccca484c60b1ba70a0bfff9...
Exploit https://github.com/librenms/librenms/security/advisories/GHSA-gcgp-q2jq-fw52
22
/ 100
low-risk
Severity 16/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal