CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-53457

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.6%

CVSS Severity

CVSS v3 Score 5.4

References

https://github.com/tCu0n9/Stored-XSS-LibreNMS-Display-Name.git
https://github.com/tCu0n9/Stored-XSS-LibreNMS-Display-Name.git

Products affected by CVE-2024-53457

Librenms » Librenms » Version: 24.10.0

cpe:2.3:a:librenms:librenms:24.10.0
Librenms » Librenms » Version: 24.9.0

cpe:2.3:a:librenms:librenms:24.9.0
Librenms » Librenms » Version: 24.9.1

cpe:2.3:a:librenms:librenms:24.9.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-53457

Products

Pricing

Contact Us