PT-2024-7960 · Librenms · Librenms

Raphaelcss +1

Published: 2024-10-01 · Updated: 2024-10-07 · CVE-2024-47523

CVSS v2.0: 8.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0

Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. The application does not properly sanitize the user input in the "Details" field, allowing an attacker to inject and store arbitrary JavaScript.

Recommendations: For versions prior to 24.9.0, update to version 24.9.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Alert Transports" feature to minimize the risk of exploitation. Avoid using the "Details" section in the "Alert Transports" feature until the issue is resolved.

Exploit · Fix · XSS


Related Identifiers

BDU:2024-09473
CVE-2024-47523
GHSA-7F84-28QH-9486

Affected Products

Librenms