Stored Cross-Site Scripting (XSS) in librenms/librenms

Valid

Reported on

Sep 21st 2022


Description

There is insufficient input validation in the pop-up notifications.

Proof of Concept

Steps to reproduce:

1. Log in to an admin account
2. Click on Ports -> Manage Groups
3. Create a new Port Group with the Name `<script>alert(document.location)</script>` and an arbitrary Description
4. The XSS is triggered when the Port Group is deleted

This works analogously with Device Groups.

Impact

The impact is JavaScript Code Execution. An attack requires admin privileges, so the impact is limited.
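The pattern behind this report, as an added example that is not LibreNMS code or part of the original report: a stored group name concatenated into notification markup, next to the same builder with output escaping. The function names, the `toast` class and the message wording are assumptions made for illustration.

```javascript
// Added example. All names and the message wording are hypothetical,
// not taken from the LibreNMS code base.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored name goes straight into markup that a
// notification widget will later render as HTML.
function deleteNoticeUnsafe(kind, groupName) {
  return '<div class="toast">' + kind + ' ' + groupName + ' deleted</div>';
}

// Hardened pattern: escape at output time, where the HTML context is known.
// The stored value stays unchanged, so legitimate names such as
// "Core & Edge" still display correctly.
function deleteNoticeSafe(kind, groupName) {
  return '<div class="toast">' + escapeHtml(kind) + ' ' + escapeHtml(groupName) + ' deleted</div>';
}

// Regression helper: list the element names opened in a piece of markup, so a
// test can assert that only the template's own tags are present.
function tagNames(html) {
  return Array.from(html.matchAll(/<\s*([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed sample input: the name from the reproduction steps above.
const reportedName = '<script>alert(document.location)</script>';

for (const kind of ['Port Group', 'Device Group']) {
  console.log(kind, 'unsafe:', tagNames(deleteNoticeUnsafe(kind, reportedName)));
  console.log(kind, 'safe:  ', tagNames(deleteNoticeSafe(kind, reportedName)));
}
```

A check like `tagNames` fits in a regression test for every place a group name is echoed back, including the Device Groups path.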

We are processing your report and will contact the librenms team within 24 hours. (2 months ago)
We have contacted a member of the librenms team and are waiting to hear back. (2 months ago)
We have sent a follow up to the librenms team. We will try again in 7 days. (2 months ago)
We have sent a second follow up to the librenms team. We will try again in 10 days. (2 months ago)
We have sent a third and final follow up to the librenms team. This report is now considered stale. (2 months ago)
Tony Murray validated this vulnerability. (2 months ago)
vautia has been awarded the disclosure bounty.
The fix bounty is now up for grabs.
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 22.10.0 with commit 838337. (2 months ago)
The fix bounty has been dropped.
This vulnerability has been assigned a CVE.
Tony Murray published this vulnerability. (16 days ago)