Cyber Resilience

CVE-2024-53457

Severity: Medium. Public PoC: yes.

Published: 05 December 2024
Modified: 07 April 2025
KEV Added: not listed
Patch: none referenced
CVSS v3.1 score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
EPSS score: 0.4082 (97.5th percentile)
Risk Priority: 35 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-53457 is a medium-severity cross-site scripting (CWE-79) vulnerability in LibreNMS (vendor: LibreNMS, product: LibreNMS). Its CVSS base score is 5.4 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique T1059.007 (Command and Scripting Interpreter: JavaScript). The CVE ranks in the top 2.5% of CVEs by EPSS exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

LibreNMS versions 24.9.0 through 24.10.0 contain a stored cross-site scripting vulnerability in the Device Settings section. The flaw, classified as CWE-79, permits injection of arbitrary web scripts or HTML through the Display Name parameter. Its CVSS 3.1 score of 5.4 reflects a network attack vector, low attack complexity, low privileges required, user interaction required, and a changed scope (the script runs in the browser of whoever views the page, not in the component that stores it).

An authenticated attacker can store a crafted payload in the Display Name field; when another user subsequently views the device settings page, the script executes within the victim's browser session, enabling limited theft of session data or unauthorized actions scoped to the application.

The two provided references point to a public proof-of-concept repository demonstrating the stored XSS vector but contain no official advisory statements or patch guidance. The associated EPSS score has remained flat at 0.4082 with no material increase after disclosure.

Vulnerability details

A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter.

CWE(s)

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-derived mapping)

T1059.007 JavaScript (tactic: Execution)
Adversaries may abuse various implementations of JavaScript for execution.

T1189 Drive-by Compromise (tactic: Initial Access)
Adversaries may gain access to a system through a user visiting a website over the normal course of browsing.

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

T1539 Steal Web Session Cookie (tactic: Credential Access)
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.

T1555.003 Credentials from Web Browsers (tactic: Credential Access)
Adversaries may acquire credentials from web browsers by reading files specific to the target browser.

Why these techniques?

Stored XSS in the LibreNMS device Display Name allows arbitrary JavaScript to execute in a victim's browser whenever a page that renders the name is viewed (e.g., Alert Rules, Custom OID, ports). That maps to drive-by compromise (T1189), client-side code execution via exploitation (T1203), use of the JavaScript interpreter (T1059.007), and theft of web session cookies (T1539) or browser-stored credentials (T1555.003).

Affected Assets

Vendor: librenms
Product: librenms
Versions: 24.9.0 to 24.10.0 (inclusive)

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-79: Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

Addresses CWE-79: Input validation rejects script-related content in web inputs that could produce XSS.

Addresses CWE-79: Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.
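The last two controls, applied to this CVE's specific field, as an added example (not code from this advisory or from the LibreNMS project): an audit that flags stored device Display Names containing HTML markup, plus the output encoding that neutralises such a value when it is rendered. It assumes the device list comes from the LibreNMS REST API (GET /api/v0/devices with an X-Auth-Token header) and that the "display" field carries the Device Settings Display Name; the JSON below is constructed to stand in for that response.

```python
"""Audit LibreNMS device display names for stored-XSS markup and show safe rendering.

Added example for the CWE-79 controls above; not LibreNMS project code.
Assumptions: GET /api/v0/devices (X-Auth-Token header) returns the device
list, and its "display" field is the Device Settings Display Name.
"""
import html
import json
import re

# Markup that has no place in a device display name: tags, inline event
# handlers and javascript: URIs. Deliberately broad: this is an audit that
# surfaces entries for review, not a filter meant to be bypass-proof.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# Constructed stand-in for the /api/v0/devices response body.
SAMPLE_DEVICES_JSON = """
{"status": "ok", "devices": [
  {"device_id": 1, "hostname": "core-sw1.example.net", "display": "Core Switch 1"},
  {"device_id": 2, "hostname": "edge-fw.example.net",  "display": "Edge FW <b>primary</b>"},
  {"device_id": 3, "hostname": "ap-lobby.example.net", "display": "Lobby AP \\" onmouseover=\\"x()"}
]}
"""


def find_suspicious_display_names(devices_json: str) -> list[tuple[int, str]]:
    """Return (device_id, display) for each device whose display name
    contains markup that a stored-XSS payload would need."""
    devices = json.loads(devices_json)["devices"]
    return [
        (d["device_id"], d["display"])
        for d in devices
        if d.get("display") and SUSPICIOUS.search(d["display"])
    ]


def render_display_name(display: str) -> str:
    """Output-encode a display name for an HTML text or attribute context.
    Quotes are escaped too, so a value that tries to break out of an
    attribute (device 3 above) is shown as text rather than interpreted."""
    return html.escape(display, quote=True)


if __name__ == "__main__":
    for device_id, display in find_suspicious_display_names(SAMPLE_DEVICES_JSON):
        print(f"device {device_id}: suspicious display name {display!r}")
        print(f"  safe rendering: {render_display_name(display)}")
```

Against a live instance, replace SAMPLE_DEVICES_JSON with the body of the devices endpoint and review every hit; the escaping function is the shape of the fix, not a substitute for upgrading past the affected versions.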

References