Cross-site Scripting (XSS) - Stored in librenms/librenms

Valid

Reported on Feb 13th 2022


Description

Stored XSS in the create/modify Transport Groups, Add/Edit Service and Edit Service Template forms: attacker-supplied input saved through these forms is later rendered unescaped.

Proof of Concept

Payload:

'><body onload=alert(/XSS/)>

~

PoC images (captions only; the screenshots are not reproduced here):

XSS payload in create/modify Transport Groups

XSS payload in Add/Edit Service

XSS payload in Edit Service Template

~

The stored XSS fires when any user visits:

1. http://{HOST}/alert-transports

2. http://{HOST}/device/{id}/services

Impact

This vulnerability allows malicious JavaScript to run, in the context of the LibreNMS web application, in the browser of any user who views the affected pages.
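As an added illustration (not LibreNMS code and not the fix shipped in commit 4c9d4e), the PHP below contrasts rendering a stored name unescaped with rendering it through output encoding that also covers the single quote, which is the character the reported payload uses to break out of the attribute; the sample value and the input markup are constructed. LibreNMS itself is written in PHP.

```php
<?php
// Added example, not LibreNMS code. Constructed sample: the report's payload
// as it would sit in a stored transport group or service name.
$stored = "'><body onload=alert(/XSS/)>";

// Vulnerable rendering: the value is interpolated raw into a single-quoted
// attribute, so the leading quote and '>' close the tag and a new element
// (here <body onload=...>) is injected into the page.
function render_unsafe(string $name): string
{
    return "<input type='text' name='name' value='" . $name . "'>";
}

// Hardened rendering: htmlspecialchars with ENT_QUOTES encodes both ' and ",
// in addition to <, > and &. Before PHP 8.1 the default flag set is
// ENT_COMPAT, which leaves the single quote untouched, so in a single-quoted
// attribute the flag must be passed explicitly.
function render_safe(string $name): string
{
    $escaped = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401, 'UTF-8');
    return "<input type='text' name='name' value='" . $escaped . "'>";
}

// A minimal regression check: the escaped output must never contain a raw
// '<' or an unescaped single quote inside the attribute value.
function attribute_is_sealed(string $html): bool
{
    $value = substr($html, strlen("<input type='text' name='name' value='"), -2);
    return strpos($value, '<') === false && strpos($value, "'") === false;
}

echo render_unsafe($stored), PHP_EOL;
echo render_safe($stored), PHP_EOL;
var_dump(attribute_is_sealed(render_unsafe($stored)));   // false
var_dump(attribute_is_sealed(render_safe($stored)));     // true
```

In Laravel Blade templates, `{{ $name }}` applies equivalent escaping through `e()`, while `{!! $name !!}` outputs the value raw; the check to keep is that these stored fields reach the page only through the escaped form.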

Activity log:

We are processing your report and will contact the librenms team within 24 hours. (a year ago)

Faisal Fs ⚔️ modified the report (seven times, a year ago)

We have contacted a member of the librenms team and are waiting to hear back. (a year ago)

PipoCanaja validated this vulnerability. (a year ago)

Faisal Fs ⚔️ has been awarded the disclosure bounty. The fix bounty is now up for grabs.

PipoCanaja marked this as fixed in 22.1.0 with commit 4c9d4e. (a year ago)

PipoCanaja has been awarded the fix bounty.

This vulnerability will not receive a CVE.