PT-2021-19231 · Librenms · Librenms

Murrant

Published

2021-09-08

Updated

2021-09-15

CVE-2021-31274

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 21.3.0

Description A stored XSS issue was identified in the API Access page due to insufficient sanitization of the $api->description variable, allowing arbitrary Javascript code to be executed.

Recommendations For versions prior to 21.3.0, update to version 21.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the API Access page until the update is applied.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2021-31274

GHSA-2R2W-JRH2-P4GR

Affected Products

Librenms

PT-2021-19231 · Librenms · Librenms

CVE-2021-31274

Weakness Enumeration

Related Identifiers

Affected Products

References · 7