Stored Cross-Site Scripting (XSS) on Schedule Maintenance "Title" parameter in librenms/librenms

Valid

Reported on Sep 15th 2022

Description

A Stored Cross-Site Scripting (XSS) vulnerability in LibreNMS v22.8.0 allows attackers to execute arbitrary JavaScript code in the affected user's browser through the "Title" parameter of the "Schedule Maintenance" function.

Proof of Concept

1 - Click "Alerts", then click "Schedule Maintenance" in the dropdown

2 - Create a new schedule by clicking the green "Schedule Maintenance" button

3 - Under "Title", use the payload below

saitamang"><iMg SrC="x" oNeRRor="alert(document.cookie);">

4 - Save the new schedule by clicking the green button named "Schedule Maintenance"

5 - The XSS prompt will appear afterwards.

PoC Video

https://drive.google.com/file/d/1sWsIJsENvwhig5notCKWh2C6_h-MvBN0/view?usp=sharing

Impact

This vulnerability allows attackers to hijack the user's current session, steal relevant information, deface the website, or direct users to malicious websites, and it gives the attacker a basis for further exploitation.
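
Why the leading `">` in the payload matters, shown as an added example that is not LibreNMS code and not part of the original report. It assumes the stored title is echoed into a quoted HTML attribute (a hypothetical template), and `openedTags` is a simplified stand-in for a browser's tokenizer used to compare the markup with and without output encoding.

```javascript
// Payload copied from the report above.
const PAYLOAD = 'saitamang"><iMg SrC="x" oNeRRor="alert(document.cookie);">';

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored title concatenated into a quoted attribute as-is.
// (Hypothetical template, assumed for illustration.)
function renderUnsafe(title) {
  return `<input type="text" name="title" value="${title}">`;
}

// Hardened pattern: same template, title encoded at output time.
function renderSafe(title) {
  return `<input type="text" name="title" value="${escapeHtml(title)}">`;
}

// List the elements this markup opens and whether each carries an on* handler.
// Simplified scanner that honours quoted attribute values; enough for this template.
function openedTags(html) {
  const tags = [];
  const re = /<([a-zA-Z][a-zA-Z0-9]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  let m;
  while ((m = re.exec(html)) !== null) {
    // Blank out attribute values so text inside a value is never read as an attribute.
    const attrs = m[2].replace(/"[^"]*"|'[^']*'/g, '""');
    tags.push({ name: m[1].toLowerCase(), hasHandler: /\son[a-z]+\s*=/i.test(attrs) });
  }
  return tags;
}

// Unescaped: the quote closes value="", the > closes <input>, and a new <img>
// element with an error handler follows. Escaped: the title stays inside value="".
console.log('unsafe:', openedTags(renderUnsafe(PAYLOAD)));
console.log('safe:  ', openedTags(renderSafe(PAYLOAD)));
```

Encoding at output time keeps existing stored titles harmless as well, which input filtering at save time alone would not.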

We are processing your report and will contact the librenms team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
Saitamang modified the report a year ago
Saitamang modified the report a year ago
We have contacted a member of the librenms team and are waiting to hear back a year ago
Tony Murray validated this vulnerability a year ago
Saitamang has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 22.9.0 with commit 080500 a year ago
Tony Murray has been awarded the fix bounty
This vulnerability will not receive a CVE