Stored XSS in Notifications in librenms/librenms
Sep 23rd 2022
Proof of Concept
Create notification with title: `<img src=x onerror=alert(document.cookie) />` description can be anything (there's no XSS there)
XSS is capable of hi-jacking user account, leaking confidential information from the system or even getting sensitive data.