Cross-site Scripting in LibreNMS
Moderate severity
GitHub Reviewed
Published
Sep 9, 2021
to the GitHub Advisory Database
•
Updated Sep 19, 2023
Description
Published by the National Vulnerability Database
Sep 8, 2021
Reviewed
Sep 9, 2021
Published to the GitHub Advisory Database
Sep 9, 2021
Last updated
Sep 19, 2023
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
References