CVE-2024-47524

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-47524
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47524.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47524
Aliases
Published
2024-10-01T21:15:07Z
Modified
2024-10-12T11:31:18.432510Z
Summary
[none]
Details

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Groups name, when user see the detail of the Device Group, if java script code is inside the name of the Device Groups, its will be trigger. This vulnerability is fixed in 24.9.0.

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type
GIT
Repo
https://github.com/librenms/librenms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.1

1.*

1.19
1.20
1.21
1.25
1.26
1.27
1.28
1.29
1.30
1.30.01
1.31
1.31.01
1.31.02
1.31.03
1.32
1.33
1.35
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.42.01
1.43
1.44
1.45
1.46
1.47
1.48
1.48.1
1.49
1.50
1.51
1.52
1.53
1.53.1
1.54
1.55
1.56
1.57
1.58
1.58.1
1.59
1.60
1.61
1.62
1.63
1.64
1.64.1
1.65
1.66
1.67
1.68
1.69
1.70.0
1.70.1

Other

201505
201506
201507
201508
201509
201510
201511
201512
201601
201602
201603
201604
201605
201606
201607
201608
20160828
201609

21.*

21.1.0
21.10.0
21.11.0
21.12.0
21.12.1
21.2.0
21.3.0
21.4.0
21.5.0
21.5.1
21.6.0
21.7.0
21.8.0
21.9.0

22.*

22.1.0
22.10.0
22.11.0
22.12.0
22.2.0
22.2.1
22.3.0
22.4.0
22.5.0
22.6.0
22.7.0
22.8.0
22.9.0

23.*

23.1.0
23.10.0
23.11.0
23.2.0
23.4.0
23.4.1
23.5.0
23.6.0
23.7.0
23.8.0
23.8.1
23.8.2
23.9.0
23.9.1

24.*

24.1.0
24.2.0
24.3.0
24.4.0
24.4.1
24.5.0
24.6.0
24.7.0
24.8.0