HTML Injection in librenms/librenms

Valid

Reported on

Aug 18th 2023

Description

I think your website is quite secure.

But you overlooked the HTML Injection vulnerability (ID:WSTG-CLNT-03 of OWASP).

Proof of Concept

1 .Login with demo account

2 .Access the link https://demo.librenms.org/search/search=ipv4 and insert the payload

      search=<b>test/b>

3 .Hit enter, html injection vulnerability detected

Proof of Concept

Video Poc

https://drive.google.com/file/d/1SKLGEsaeFXrWopBckrFcGRAG0N2RMoQA/view?usp=sharing

Impact

Credential theft: An attacker can use JavaScript code to obtain sensitive information from a user's browser, such as usernames, passwords, credit card information, and personal data. other.

Browser redirection: Attackers can redirect users to fake or malicious websites, often to scam users or install malware.

Change website content: An attacker can change the content of the affected website, causing confusion for users or creating fake messages.

We are processing your report and will contact the librenms team within 24 hours. 4 months ago

A GitHub Issue asking the maintainers to create a SECURITY.md exists 4 months ago

HaiNguyen modified the report

4 months ago

HaiNguyen

commented 4 months ago

Researcher

hi , i detected the html injection persisted in the link: https://demo.librenms.org/health/metric=processor

HaiNguyen modified the report

4 months ago

HaiNguyen modified the report

4 months ago

We have contacted a member of the librenms team and are waiting to hear back 4 months ago

HaiNguyen

commented 4 months ago

Researcher

hi, any update for this?

HaiNguyen

commented 3 months ago

Researcher

@mantainer? any update on this?

Tony Murray validated this vulnerability 3 months ago

HaiNguyen has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Tony Murray marked this as fixed in 23.9.0 with commit 119493 3 months ago

The fix bounty has been dropped

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Sep 15th 2023

HaiNguyen

commented 3 months ago

Researcher

oke ,thank you very much

Tony Murray published this vulnerability 3 months ago

to join this conversation

We are processing your report and will contact the librenms team within 24 hours. 4 months ago

A GitHub Issue asking the maintainers to create a SECURITY.md exists 4 months ago

HaiNguyen modified the report

4 months ago

HaiNguyen

commented 4 months ago

Researcher

hi , i detected the html injection persisted in the link: https://demo.librenms.org/health/metric=processor

HaiNguyen modified the report

4 months ago

HaiNguyen modified the report

4 months ago

We have contacted a member of the librenms team and are waiting to hear back 4 months ago

HaiNguyen

commented 4 months ago

Researcher

hi, any update for this?

HaiNguyen

commented 3 months ago

Researcher

@mantainer? any update on this?

Tony Murray validated this vulnerability 3 months ago

HaiNguyen has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Tony Murray marked this as fixed in 23.9.0 with commit 119493 3 months ago

The fix bounty has been dropped

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Sep 15th 2023

HaiNguyen

commented 3 months ago

Researcher

oke ,thank you very much

Tony Murray published this vulnerability 3 months ago

to join this conversation