CVE-2022-3231: Fix scheduled maintenance xss (#14360) · librenms/librenms@0805002

Stored cross-site scripting (XSS) in the GitHub repository librenms/librenms prior to 22.9.0.


@@ -65,8 +65,8 @@ protected function sortFields($request)

public function formatItem($schedule)

{

return [

‘title’ => $schedule->title,

‘notes’ => $schedule->notes,

‘title’ => htmlentities($schedule->title),

‘notes’ => htmlentities($schedule->notes),

‘id’ => $schedule->schedule_id,

‘start’ => $schedule->recurring ? ‘’ : $schedule->start->toDateTimeString(‘minutes’),

‘end’ => $schedule->recurring ? ‘’ : $schedule->end->toDateTimeString(‘minutes’),
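
Review bot: The two `htmlentities()` calls on `title` and `notes` rely on PHP's default flags, which before PHP 8.1 are `ENT_COMPAT` and leave single quotes unencoded. Passing the flags and charset explicitly, e.g. `htmlentities($schedule->title, ENT_QUOTES, 'UTF-8')`, keeps the output safe if the table ever places these values inside a single-quoted attribute and makes the behaviour identical across PHP versions. Encoding inside `formatItem()` also means every consumer of this response receives entity-encoded text, so a short comment stating that these fields are pre-escaped for HTML would help prevent double-encoding, or a later render path that assumes it still has to escape them.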

@@ -75,7 +75,7 @@ public function formatItem($schedule)

‘end_recurring_dt’ => $schedule->recurring ? $schedule->end_recurring_dt : '’,

‘end_recurring_hr’ => $schedule->recurring ? $schedule->end_recurring_hr : '’,

‘recurring’ => $schedule->recurring ? __(‘Yes’) : __(‘No’),

‘recurring_day’ => $schedule->recurring ? implode(',’, $schedule->recurring_day) : '’,

‘recurring_day’ => $schedule->recurring ? htmlentities(implode(',’, $schedule->recurring_day)) : '’,

‘status’ => $schedule->status,

];

}
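
Review bot: In this array `end_recurring_dt`, `end_recurring_hr` and `status` are still returned unencoded next to the newly wrapped `recurring_day`. If any of them can carry free text from the schedule form they need the same treatment; if they are constrained on write to dates, times and a fixed set of status values, a comment or test saying so would document why they are exempt. A regression test that passes markup through `recurring_day` and asserts the formatted item contains only entities would pin this change.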

Related news

GHSA-3jh2-wmv7-m932: LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter

LibreNMS versions 22.8.0 and prior allow attackers to execute arbitrary JavaScript code via the Schedule Maintenance `Title` parameter. A patch is available and anticipated to be part of version 22.9.0.
