CVE-2023-4978: 
PHP vulnerability analysis and mitigation

CVE-2023-4978 is a Cross-site Scripting (XSS) vulnerability discovered in the LibreNMS project, affecting versions prior to 23.9.0. The vulnerability specifically involves DOM-based XSS in the IPv4 search page functionality (NVD, GitHub Patch).

The vulnerability has been assigned a CVSS v3.1 base score of 6.1 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. However, huntr.dev has assessed it with a higher CVSS score of 9.0 (CRITICAL) with vector string CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H. The vulnerability is classified as CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (NVD).

The vulnerability could allow attackers to execute malicious scripts in the context of the user's browser session, potentially leading to theft of sensitive information, session hijacking, or other client-side attacks (NVD).

The vulnerability has been patched in LibreNMS version 23.9.0. Users are advised to upgrade to this version or later to mitigate the risk. The fix involves properly sanitizing input in the IPv4 search page (GitHub Patch).