Stored Cross-Site Scripting (XSS) in librenms/librenms

Valid

Reported on

Oct 20th 2022


Description

There is insufficient input validation in the pop-up notifications.

Proof of Concept

Steps to reproduce:

1. Log in to an admin account
2. Click on Services -> Services Templates
3. Create a new Service Template with the Name `<script>alert(document.location)</script>`
4. The XSS is triggered when the Service Template is deleted

Impact

The impact is JavaScript Code Execution. An attack requires admin privileges, so the impact is limited.
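The flaw described above, shown as an added example that is not LibreNMS code or the project's fix: a stored name is concatenated into a pop-up message that is rendered as HTML, next to the same message with the name encoded at output, plus a small regression check. Assumptions: the function names, the message wording and the `<i>` wrapper are hypothetical, and the pop-up is assumed to render its message as HTML.

```javascript
// Added example: the names and message text are hypothetical, not LibreNMS code.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name is concatenated into a message that the
// pop-up (by assumption) renders as HTML.
function deleteNoticeUnsafe(templateName) {
  return 'Service Template: <i>' + templateName + '</i> deleted';
}

// Hardened pattern: the stored name is encoded at the point of output, so the
// only markup in the message is the markup the application wrote itself.
function deleteNoticeSafe(templateName) {
  return 'Service Template: <i>' + escapeHtml(templateName) + '</i> deleted';
}

// Regression check: list the tags in a message that are not on the allow-list
// of markup the application itself emits.
function unexpectedTags(html, allowed = ['i']) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return [...new Set(tags.filter((t) => !allowed.includes(t)))];
}

// Constructed sample names; the second is the value from the report.
const sampleNames = ['HTTP check & "TLS" expiry', '<script>alert(document.location)</script>'];
for (const name of sampleNames) {
  console.log(JSON.stringify({
    name,
    unsafe: unexpectedTags(deleteNoticeUnsafe(name)),
    safe: unexpectedTags(deleteNoticeSafe(name)),
  }));
}
```

A check like `unexpectedTags` fits in a test suite that feeds stored field values through each notification message and fails when any tag outside the allow-list appears.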

We are processing your report and will contact the librenms team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
librenms/librenms maintainer
a year ago

Hi @maintainer, when you get a chance to verify this, could you disclose the other four validated reports I submitted and maybe also apply CVEs? Thanks & feel free to get in touch in case you have any questions.

We have contacted a member of the librenms team and are waiting to hear back a year ago
We have sent a follow up to the librenms team. We will try again in 4 days. a year ago
We have sent a second follow up to the librenms team. We will try again in 7 days. a year ago
We have sent a third follow up to the librenms team. We will try again in 14 days. a year ago
Tony Murray validated this vulnerability a year ago
vautia has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray
a year ago

I prefer to wait until after release is available for users before we publish (and time is limited so I'm not always able to be timely after that)

Tony Murray marked this as fixed in 22.11.0 with commit b7b037 a year ago
The fix bounty has been dropped
This vulnerability has now been published 5 months ago