CVE-2022-3231

Name of the Vulnerable Software and Affected Versions LibreNMS versions prior to 22.9.0

Description The issue is related to Cross-site Scripting (XSS) - Stored, which allows attackers to execute arbitrary JavaScript code. Specifically, the Title parameter in the Schedule Maintenance feature is vulnerable. This could potentially affect a significant number of devices worldwide, although an exact estimate is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 22.9.0, update to version 22.9.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Schedule Maintenance feature or avoiding the use of the Title parameter until the update is applied.