QwikSec

Security Database

CVE

CWE

Training

CVE-2018-18478

Published: Oct 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

Persistent Cross-Site Scripting (XSS) issues in LibreNMS before 1.44 allow remote attackers to inject arbitrary web script or HTML via the dashboard_name parameter in the /ajax_form.php resource, related to html/includes/forms/add-dashboard.inc.php, html/includes/forms/delete-dashboard.inc.php, and html/includes/forms/edit-dashboard.inc.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/librenms/librenms/releases/tag/1.44

x_refsource_MISC

https://github.com/librenms/librenms/issues/9170

x_refsource_MISC

https://hackpuntes.com/cve-2018-18478-libre-nms-1-43-cross-site-scripting-persistente/

x_refsource_MISC

https://github.com/librenms/librenms/pull/9171

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.