Stored Cross-Site Scripting (XSS) in librenms/librenms
Sep 21st 2022
There is insufficient input validation in the pop-up notifications.
Proof of Concept
Steps to reproduce:
1. Log in to an admin account
2. Click on Ports -> Manage Groups
3. Create a new Port Group with the Name `<script>alert(document.location)</script>` and an arbitrary Description
4. The XSS is triggered when the Port Group is deleted
This works analogously with Device Groups.
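
The stored flow described above, as an added example that is not LibreNMS code: the group name is saved verbatim at creation and only becomes markup when the delete notification is built. The function names, the in-memory store, the message text and the assumption that the pop-up inserts its message as HTML are all hypothetical.

```javascript
// Added illustration; not LibreNMS source. All names here are hypothetical.
const groups = new Map(); // stands in for the port/device group table
let nextId = 1;

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The name is stored exactly as submitted; encoding belongs at output time.
function createGroup(name, description) {
  const id = nextId++;
  groups.set(id, { name, description });
  return id;
}

// Remove a group and return its record, failing loudly on an unknown id.
function takeGroup(id) {
  const group = groups.get(id);
  if (!group) throw new Error(`no such group: ${id}`);
  groups.delete(id);
  return group;
}

// Vulnerable pattern: the stored name is concatenated into a message
// that the notification widget (assumed) inserts as HTML.
function deleteGroupUnsafe(id) {
  return `Port Group ${takeGroup(id).name} deleted`;
}

// Hardened pattern: the name is HTML-encoded before it reaches the message.
function deleteGroupSafe(id) {
  return `Port Group ${escapeHtml(takeGroup(id).name)} deleted`;
}

// Group name taken from the report's reproduction steps.
const payload = '<script>alert(document.location)</script>';
const unsafeMessage = deleteGroupUnsafe(createGroup(payload, 'constructed'));
const safeMessage = deleteGroupSafe(createGroup(payload, 'constructed'));
console.log(unsafeMessage);
console.log(safeMessage);
```

Because the name is stored unmodified, every place that later renders it, including the Device Groups notification, needs the same output encoding.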