Stored Cross-Site Scripting (XSS) on Schedule Maintenance "Title" parameter in librenms/librenms

Valid

Reported on Sep 15th 2022


Description

A stored cross-site scripting (XSS) vulnerability in LibreNMS v22.8.0 allows attackers to execute arbitrary JavaScript code in the browser through the "Title" parameter of the "Schedule Maintenance" function.

Proof of Concept

1 - Click "Alerts" > Click "Schedule Maintenance" from the dropdown

2 - Create a new schedule by clicking "Schedule Maintenance" green button

3 - Under "Title", use the payload below

saitamang"><iMg SrC="x" oNeRRor="alert(document.cookie);">

4 - Save the new schedule by clicking the green button named "Schedule Maintenance"

5 - The XSS prompt appears afterwards.

PoC Video

https://drive.google.com/file/d/1sWsIJsENvwhig5notCKWh2C6_h-MvBN0/view?usp=sharing

Impact

This vulnerability allows attackers to hijack the user's current session, steal relevant information, deface the website or direct users to malicious websites, and can be used for further exploitation.
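
Added example, not part of the original report and not LibreNMS code: it shows why the stored title must be HTML-encoded at output time and how to review titles already stored. It assumes the title is rendered into an input value attribute; all function names and the sample rows are hypothetical and constructed for illustration.

```javascript
// Title value from the report above, used only as test input.
const PAYLOAD = 'saitamang"><iMg SrC="x" oNeRRor="alert(document.cookie);">';

// Encode the five characters that let text change HTML context.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the stored title is concatenated into markup as-is.
function renderRowUnsafe(title) {
  return '<td><input name="title" value="' + title + '"></td>';
}

// Hardened pattern: encode on output, whatever the database holds.
function renderRowSafe(title) {
  return '<td><input name="title" value="' + escapeHtml(title) + '"></td>';
}

// Count opening tags in a rendered fragment. The template itself
// contributes two (<td>, <input>); anything more came from the title.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Review stored titles: flag any that contain a tag or an inline
// event-handler attribute, and return their ids for manual inspection.
function auditTitles(rows) {
  const markup = /<\s*\/?\s*[a-zA-Z][^>]*>|\bon[a-z]+\s*=/i;
  return rows.filter((r) => markup.test(r.title)).map((r) => r.id);
}

// Constructed sample rows standing in for stored maintenance schedules.
const SAMPLE_ROWS = [
  { id: 1, title: 'Core switch firmware upgrade' },
  { id: 2, title: PAYLOAD },
  { id: 3, title: 'Link A & B failover test' },
];

console.log('tags, unsafe render:', countTags(renderRowUnsafe(PAYLOAD)));
console.log('tags, safe render:  ', countTags(renderRowSafe(PAYLOAD)));
console.log('titles to review:   ', auditTitles(SAMPLE_ROWS));
```

The audit regex is a review aid for existing records and can flag harmless titles that contain angle brackets; the output encoding is the actual control.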

We are processing your report and will contact the librenms team within 24 hours. (16 days ago)
Saitamang modified the report (16 days ago)
Saitamang modified the report (16 days ago)
We have contacted a member of the librenms team and are waiting to hear back (15 days ago)
Tony Murray validated this vulnerability (15 days ago)
Saitamang has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray confirmed that a fix has been merged on 080500 (15 days ago)
Tony Murray has been awarded the fix bounty