Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreNMS v1.54 Admin Console

Multiple Cross-Site Scripting (XSS) Vulnerabilities in LibreNMS v1.54 Admin Console

CVE-2019-15230 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.

Learn more about our User Device Pen Test.