First published: Wed Aug 28 2019(Updated: )
LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Librenms Librenms | =1.54 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-15230 is a vulnerability in LibreNMS v1.54 that allows for XSS attacks in various sections of the admin console.
CVE-2019-15230 has a severity level of medium with a CVSS score of 5.4.
CVE-2019-15230 could lead to cookie stealing and other malicious actions if exploited with an authenticated account.
To fix CVE-2019-15230, users should update to a version of LibreNMS that is not affected by this vulnerability.
More information about CVE-2019-15230 can be found at a trusted source such as the following: [https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss](https://www.sevenlayers.com/index.php/239-librenms-v1-54-xss)