Stored Cross-Site Scripting (XSS) in librenms/librenms

Valid

Reported on Sep 21st 2022


Description

There is insufficient input validation in the title of user notifications.

Proof of Concept

Steps to reproduce:

1. Log in to an admin account
2. Hover over the username & click on Notifications
3. Create a new notification with the Title `<script>alert(document.location)</script>` and an arbitrary message
4. The XSS is triggered whenever the notifications view is loaded

Impact

The impact is JavaScript Code Execution. An attack requires admin privileges, so the impact is limited. Furthermore, this is a self-XSS.
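
The pattern behind this report, as an added example (not LibreNMS code and not taken from the fix commit): a stored notification title written into HTML unencoded, beside the same renderer with output encoding applied. The function names, markup and sample rows are hypothetical and constructed for illustration; output encoding is assumed here as the standard mitigation for this class of bug.

```php
<?php
// Added illustration; not LibreNMS source. All names and markup are hypothetical.

// Constructed sample rows, standing in for stored notifications.
$notifications = [
    ['title' => 'Maintenance window', 'body' => 'Polling paused 02:00-03:00 UTC'],
    // Title taken from the report's proof of concept.
    ['title' => '<script>alert(document.location)</script>', 'body' => 'arbitrary message'],
];

// Vulnerable pattern: the stored title is concatenated into markup as-is,
// so the browser parses it as HTML and executes the script element.
function render_notification_unsafe(array $n): string
{
    return '<div class="notice"><h3>' . $n['title'] . '</h3><p>' . $n['body'] . '</p></div>';
}

// Encode for the HTML element/attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every stored field is encoded before it reaches the page.
function render_notification_safe(array $n): string
{
    return '<div class="notice"><h3>' . e($n['title']) . '</h3><p>' . e($n['body']) . '</p></div>';
}

foreach ($notifications as $n) {
    $safe = render_notification_safe($n);
    printf("unsafe: %s\nsafe:   %s\n\n", render_notification_unsafe($n), $safe);

    // Regression check: no stored field may introduce a script element.
    if (stripos($safe, '<script') !== false) {
        fwrite(STDERR, "encoded output still contains a script tag\n");
        exit(1);
    }
}
```

Encoding at output rather than filtering at input also neutralises titles that were stored before a fix was deployed.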

We are processing your report and will contact the librenms team within 24 hours. (a year ago)
We have contacted a member of the librenms team and are waiting to hear back. (a year ago)
We have sent a follow up to the librenms team. We will try again in 7 days. (a year ago)
We have sent a second follow up to the librenms team. We will try again in 10 days. (a year ago)
We have sent a third and final follow up to the librenms team. This report is now considered stale. (a year ago)
Tony Murray validated this vulnerability (a year ago)
vautia has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 22.10.0 with commit 8e8569 (a year ago)
The fix bounty has been dropped
This vulnerability has been assigned a CVE
notifications.inc.php#L87 has been validated
Tony Murray published this vulnerability (10 months ago)