Cross-site Scripting (XSS) - Stored in librenms/librenms
Valid
Reported on
Feb 18th 2022
Stored-xss is possible when adding a rule.
Create a new Alert Rule (like below) and adjust the query like below with the following payload
"><img src=x onerror=alert(document.cookie)>
Save the rule and see a xss-pop up.
We are processing your report and will contact the
librenms
team within 24 hours.
a year ago
We have contacted a member of the
librenms
team and are waiting to hear back
a year ago
Neil Lathwood modified the report
a year ago
ribersec modified the report
a year ago
We have sent a
follow up to the
librenms
team.
We will try again in 7 days.
a year ago
Neil Lathwood modified the report
a year ago
Neil Lathwood modified the report
a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
to join this conversation