CVE-2021-31274

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-31274

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31274.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-31274

Aliases

GHSA-2r2w-jrh2-p4gr

Published

2021-09-08T18:15:10.660Z

Modified

2025-11-14T11:50:55.081639Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type: GIT
Repo: https://github.com/librenms/librenms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d24730818f617898a6c0edd9654c649b02373ae7

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.63

1.64

1.64.1

1.65

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.2.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-31274.json"