CVE-2023-4347
Published 2023-08-15
CVE-2023-4347: Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0.
Priority P3 · 40 · medium · 5.4 · CVSS 3.1
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 66.88% (99.2th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| librenms | librenms | < 23.8.0 | 23.8.0 |
| librenms | librenms | >= 0 < 23.8.0 | 23.8.0 |
| librenms | librenms_librenms | >= unspecified < 23.8.0 | 23.8.0 |
| pimcore | pimcore | >= 0 < 10.5.18 | 10.5.18 |
CVSS provenance
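| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 7.6 | HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L |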
GHSA
LibreNMS Cross-site Scripting vulnerability
ghsa·2023-08-15
CVE-2023-4347 [HIGH] CWE-79 LibreNMS Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms 23.7.0 and prior. A patch is available at commit 91c57a1ee54631e071b6b0c952d99c8ee892e824 and anticipated to be part of version 23.8.0.
OSV
LibreNMS Cross-site Scripting vulnerability
osv·2023-08-15
CVE-2023-4347 [HIGH] LibreNMS Cross-site Scripting vulnerability
Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms 23.7.0 and prior. A patch is available at commit 91c57a1ee54631e071b6b0c952d99c8ee892e824 and anticipated to be part of version 23.8.0.
GHSA
Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config
ghsa·2023-03-01
CVE-2023-1117 [MEDIUM] CWE-79 Pimcore vulnerable to Cross Site Scripting in image/video thumbnail config
### Impact
An attacker can use XSS to send a malicious script to any user through the Image/Video thumbnail config.
### Patches
Update to version 10.5.18 or apply this patch manually: https://github.com/pimcore/pimcore/pull/14472.patch
### Workarounds
Apply https://github.com/pimcore/pimcore/pull/14472.patch manually.
### References
https://huntr.dev/bounties/e8c0044d-a31b-4347-b2d5-59fbf492da39/
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-15