CVE-2026-2728
LOW 3.5
EPSS 0.00%
Duplicate Advisory: LibreNMS affected by an authenticated Cross-site Scripting vulnerability on the showconfig page
Published: 2026/5/18
Modified: 2026/5/12
Description
## Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-5gm9-622f-qcg5. This link is maintained to preserve external references.

## Original Description

LibreNMS versions before 26.3.0 are affected by an authenticated Cross-site Scripting vulnerability on the showconfig page. Successful exploitation requires administrative privileges. Exploitation could result in XSS attacks being performed against other users with access to the page.
Affected packages (2)
- Packagist/librenms/librenms >= 25.12.0, < 26.3.0
- Packagist/librenms/librenms from 0, < 26.3.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N |
| osv | CVSS 3.1 | LOW 3.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N |
References (5)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-2728
- PATCH https://github.com/librenms/librenms
- WEB https://github.com/librenms/librenms/releases/tag/26.3.0
- WEB https://github.com/librenms/librenms/security/advisories/GHSA-5gm9-622f-qcg5
- WEB https://projectblack.io/blog/librenms-authenticated-rce-and-xss/#xss-on-showconfig-page-2630