LibreNMS: Stored XSS Vulnerability in Port Settings Page - Proactive Insights and Support For Open-Source Applications

In LibreNMS versions before 24.10.0 a medium severity vulnerability CVE-2024-51494 was detected. This vulnerability allows authenticated users to inject arbitrary JavaScript through the “descr” parameter when editing a device’s port settings on the “Port Settings” page. The injected code can be executed when the page is visited, potentially compromising the user’s session and enabling unauthorized actions. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-51494.