CVE-2025-23201

16 Ene 2025

Título es

CVE-2025-23201

Jue, 16/01/2025 – 23:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2025-23201

Descripción en

librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

17/01/2025

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

5.40

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/librenms/librenms/security/advisories/GHSA-g84x-g96g-rcjc

Enviar en el boletín

Off

CVE-2025-23201

CVE-2025-23201

Jose Alexis Correa Valencia