CVE-2019-15230

Name of the Vulnerable Software and Affected Versions LibreNMS version 1.54

Description The issue affects several sections of the admin console, including Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template. It allows for XSS attacks, which could result in cookie stealing and other malicious actions. This can be exploited with an authenticated account.

Recommendations For LibreNMS version 1.54, consider restricting access to the admin console sections until a fix is available, and avoid using the affected sections with an authenticated account to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.