CVE-2024-47528

low-risk

Published 2024-10-01

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Stored Cross-Site Scripting (XSS) can be achieved by uploading a new Background for a Custom Map. Users with "admin" role can set background for a custom map, this allow the upload of SVG file that can contain XSS payload which will trigger on load. This led to Stored Cross-Site Scripting (XSS). The vulnerability is fixed in 24.9.0.

Do I need to act?

0.41% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.8/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Librenms

Affected Vendors

Librenms

References (2)

Patch https://github.com/librenms/librenms/commit/d959bf1b366319eda16e3cd6dfda8a22beb2...

Exploit https://github.com/librenms/librenms/security/advisories/GHSA-x8gm-j36p-fppf

/ 100

low-risk

Severity 19/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal