LibreNMS: XSS Vulnerability in Device Services Tab - Proactive Insights and Support For Open-Source Applications

In LibreNMS versions before 24.10.0 a medium severity vulnerability CVE-2024-52526 was detected. This vulnerability allows authenticated users to inject arbitrary JavaScript through the “descr” parameter in the “Services” tab of the Device page. This could result in the execution of malicious code within the context of other users’ sessions, potentially compromising their accounts and enabling unauthorized actions. To address this issue, update to LibreNMS version 24.10.0 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-52526.