CVE-2024-51495

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-51495

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-51495.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-51495

Aliases

GHSA-p66q-ppwr-q5j8

Published

2024-11-15T15:44:50.033Z

Modified

2025-12-01T17:47:57.715226Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php

Details

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the "overwrite_ip" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51495.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

Git / github.com/librenms/librenms

Affected ranges

Type: GIT
Repo: https://github.com/librenms/librenms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a625d1ef0b66e093414d8d440f8b5f4f85baadfa

Affected versions

0.*

0.1

1.*

1.19

1.20

1.21

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.33

1.35

1.36

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.63

1.64

1.64.1

1.65

1.66

1.67

1.68

1.69

1.70.0

1.70.1

Other

201505

201506

201507

201508

201509

201510

201511

201512

201601

201602

201603

201604

201605

201606

201607

201608

20160828

201609

21.*

21.1.0

21.10.0

21.11.0

21.12.0

21.12.1

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

22.*

22.1.0

22.10.0

22.11.0

22.12.0

22.2.0

22.2.1

22.3.0

22.4.0

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

23.*

23.1.0

23.10.0

23.11.0

23.2.0

23.4.0

23.4.1

23.5.0

23.6.0

23.7.0

23.8.0

23.8.1

23.8.2

23.9.0

23.9.1

24.*

24.1.0

24.2.0

24.3.0

24.4.0

24.4.1

24.5.0

24.6.0

24.7.0

24.8.0

24.9.0

24.9.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-51495.json"