-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper output escaping in the outages page. The commit diff shows the replacement of addcslashes with htmlspecialchars for the 'to' and 'from' parameters. addcslashes is insufficient for XSS prevention in HTML/JS contexts because it does not encode critical characters like <, >, &, etc. The use of htmlspecialchars in the patch confirms the root cause was improper escaping during output generation. The vulnerable code resided in the JavaScript configuration section of outages.inc.php, where user-controlled 'to' and 'from' parameters were insufficiently sanitized.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| librenms/librenms | composer | < 23.9.0 | 23.9.0 |
PHPPHPOngoing coverage of React2Shell