Moderate severityNVD Advisory· Published Dec 5, 2024· Updated Dec 10, 2024

CVE-2024-53457

Description

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
librenms/librenmsPackagist	>= 24.9.0, < 24.11.0	24.11.0

Affected products

Librenms/Librenmscpe-rescue
ghsa-coords
pkg:composer/librenms/librenms
Range: >= 24.9.0, < 24.11.0

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-6c5q-fg3g-qhhvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-53457ghsaADVISORY
github.com/librenms/librenms/commit/afe92dbf4321f107012690d476685603d1ccb013ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.034
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000