Cross Site Scripting (XSS) Vulnerability in LibreNMS Device Group Popups

Cross Site Scripting (XSS) Vulnerability in LibreNMS Device Group Popups

CVE-2023-48295 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Affected versions are subject to a cross site scripting (XSS) vulnerability in the device group popups. This issue has been addressed in commit `faf66035ea` which has been included in release version 23.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.