Skip to main content

Librenms CVE-2024-53457

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-12-05 cve@mitre.org
5.4
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 05, 2024 - 22:15 cve.org
MEDIUM 5.4

DescriptionCVE.org

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

AnalysisAI

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter. Affected products include: Librenms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-10669 HIGH POC
7.2 Sep 09

An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 7.2), this vulnerability is remotely exploit

CVE-2021-44278 CRITICAL POC
9.8 Dec 03

Librenms 21.11.0 is affected by a path manipulation vulnerability in includes/html/pages/device/showconfig.inc.php. Rate

CVE-2019-10665 CRITICAL POC
9.8 Sep 09

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.8), this vulnerability is remotely exp

CVE-2026-26988 CRITICAL POC
9.1 Feb 20

SQL injection in LibreNMS 25.12.0 and below. PoC and patch available.

CVE-2019-10668 CRITICAL POC
9.1 Sep 09

An issue was discovered in LibreNMS through 1.47. Rated critical severity (CVSS 9.1), this vulnerability is remotely exp

CVE-2026-26990 HIGH POC
8.8 Feb 20

SQL injection in LibreNMS versions 25.12.0 and below allows authenticated users to extract sensitive database informatio

CVE-2024-32461 HIGH POC
8.8 Apr 22

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Rated high severity (CVSS 8.8), this vulnera

CVE-2020-15877 HIGH POC
8.8 Jul 21

An issue was discovered in LibreNMS before 1.65.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploi

CVE-2019-12463 HIGH POC
8.8 Sep 09

An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable,

CVE-2019-10671 HIGH POC
8.8 Sep 09

An issue was discovered in LibreNMS through 1.47. Rated high severity (CVSS 8.8), this vulnerability is remotely exploit

CVE-2026-6204 HIGH POC
8.5 Apr 13

Remote code execution in LibreNMS network monitoring platform (versions prior to 26.3.0) allows authenticated administra

CVE-2019-12465 HIGH POC
8.1 Sep 09

An issue was discovered in LibreNMS 1.50.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable,

Share

CVE-2024-53457 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy