{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T01:02:32.541","vulnerabilities":[{"cve":{"id":"CVE-2024-49758","sourceIdentifier":"security-advisories@github.com","published":"2024-11-15T16:15:34.880","lastModified":"2024-11-20T14:40:36.990","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0."},{"lang":"es","value":"LibreNMS es un sistema de monitoreo de red de código abierto basado en PHP/MySQL/SNMP. El usuario con rol de administrador puede agregar notas a un dispositivo, la aplicación no desinfectó correctamente la entrada del usuario, cuando se habilita ExamplePlugin, si el código de script de Java está dentro de las notas del dispositivo, se activará. Esta vulnerabilidad se corrigió en 24.10.0."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*","versionEndExcluding":"24.10.0","matchCriteriaId":"B4BD88D2-5DA7-450B-AEFA-33BCA61685A7"}]}]}],"references":[{"url":"https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}