CVE-2023-5060
published 2023-09-19CVE-2023-5060: Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
PriorityP425medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.56%
42.4th percentile
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| librenms | librenms | < 23.9.1 | 23.9.1 |
| librenms | librenms | >= 0 < 23.9.1 | 23.9.1 |
| librenms | librenms_librenms | >= unspecified < 23.9.1 | 23.9.1 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv3.08.4HIGHCVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Cross site scripting in librenms
ghsa·2023-09-19
CVE-2023-5060 [HIGH] CWE-79 Cross site scripting in librenms
Cross site scripting in librenms
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
OSV
Cross site scripting in librenms
osv·2023-09-19
CVE-2023-5060 [HIGH] Cross site scripting in librenms
Cross site scripting in librenms
Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.
Suricata
ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy
suricata·2014-09-27·CVSS 9.8
CVE-2014-6271 [CRITICAL] ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy
ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy
Rule: alert udp any any -> $HOME_NET [5060,5061] (msg:"ET EXPLOIT Possible CVE-2014-6271 Attempt Against SIP Proxy"; flow:to_server; content:"|28 29 20 7b|"; fast_pattern; reference:url,github.com/zaf/sipshock; reference:cve,2014-6271; classtype:attempted-admin; sid:2019289; rev:4; metadata:created_at 2014_09_27, cve CVE_2014_6271, confidence Medium, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_05_24;)
No public exploits indexed.
No writeups or analysis indexed.
2023-09-19
Published