PT-2024-32640 · Librenms · Librenms

Raphaelcss +1 · Published 2024-10-01 · Updated 2024-12-19 · CVE-2024-47526

CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

LibreNMS (affected versions not specified)

Description

A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. The script executes immediately upon submission but does not persist after a page refresh. The vulnerability occurs when creating an alert template in the LibreNMS interface: the application sanitizes the "name" field when storing it in the database, but the newly created template is immediately added to the table without any sanitization being applied to the name. The root cause is the lack of sanitization of the name variable before it is rendered in the table.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
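
The gap described above, as an added example (not LibreNMS code; the function names, the tag-stripping sanitizer and the sample name are assumptions): the row appended right after submission is built from the raw form value, while a refresh renders the stored, sanitized value. Encoding the name at render time closes the gap.

```javascript
// Added illustration; not LibreNMS code. All function names are hypothetical.

// Stand-in for the server-side step the advisory describes: the name is
// sanitized when it is stored. Tag stripping is an assumption; the advisory
// does not say which sanitizer is used.
function storeTemplateName(submitted) {
  return submitted.replace(/<[^>]*>/g, "").trim();
}

// Output encoding for HTML text and quoted attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Flawed pattern: the row appended right after submission is built from the
// raw form value, so markup in the name becomes live DOM once inserted.
function rowFromFormUnsafe(id, name) {
  return `<tr id="row_${id}"><td>${name}</td></tr>`;
}

// Hardened pattern: encode at the point of rendering, whatever the source.
function rowFromFormSafe(id, name) {
  return `<tr id="row_${escapeHtml(id)}"><td>${escapeHtml(name)}</td></tr>`;
}

// True if the fragment contains any tag other than the row scaffolding.
function hasInjectedMarkup(rowHtml) {
  const tags = rowHtml.match(/<\/?([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => !/^<\/?(tr|td)$/i.test(t));
}

// Constructed test input: a template name carrying an HTML element.
const submitted = 'Disk usage <img src="x" onerror="alert(1)">';

function demo() {
  return {
    immediateUnsafe: hasInjectedMarkup(rowFromFormUnsafe(7, submitted)),
    immediateSafe: hasInjectedMarkup(rowFromFormSafe(7, submitted)),
    // After a refresh the table is rendered from the stored (sanitized) value.
    afterRefresh: hasInjectedMarkup(rowFromFormUnsafe(7, storeTemplateName(submitted))),
  };
}

console.log(demo());
```

In browser code the same effect comes from building the cell with `textContent` instead of concatenating the name into an HTML string.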

Exploit

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-47526
GHSA-GCGP-Q2JQ-FW52

Affected Products

Librenms