Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-31274
CVE-2021-31274:
PHP vulnerability analysis and mitigation
Overview
A stored Cross-Site Scripting (XSS) vulnerability was identified in LibreNMS versions prior to 21.3.0. The vulnerability was discovered in the API Access page due to insufficient sanitization of the $api->description variable, which could allow arbitrary JavaScript code execution (LibreNMS Community, CVE Mitre).
Technical details
The vulnerability exists in the API Access page where the $api->description variable was not properly sanitized before being rendered in the page. An attacker could exploit this by entering malicious JavaScript code in the description field when creating an API access token (LibreNMS Community).
Impact
The vulnerability allows attackers to execute arbitrary JavaScript code in the context of other users' browsers who view the API Access page. This could potentially lead to session hijacking, data theft, or other client-side attacks (CVE Mitre).
Mitigation and workarounds
The vulnerability was fixed in LibreNMS version 21.3.0 through a patch that properly escapes user-editable fields. Users should upgrade to version 21.3.0 or later to address this security issue (GitHub PR).
Additional resources
Source: This report was generated using AI
Related PHP vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management