CVE-2022-0772

Description

LibreNMS prior to version 22.2.2 is vulnerable to cross-site scripting.

How to fix CVE-2022-0772

To remediate CVE-2022-0772, upgrade the affected package to a fixed version below.

• Packagist/librenms/librenms—upgrade to 22.2.2 or later

Is CVE-2022-0772 being exploited?

Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 22.2.2

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-0772
• PATCHgithub.com/librenms/librenms
• WEBgithub.com/librenms/librenms/commit/703745d0ed3948623153117d761ce48514e2f281
• WEBhuntr.dev/bounties/faae29bd-c43a-468d-8af6-2b6aa4d40f09