Cross-site Scripting (XSS) - Stored in librenms/librenms
Feb 18th 2022
Stored XSS is possible when adding a rule.
Create a new Alert Rule (like below) and adjust the query like below with the following payload:
"><img src=x onerror=alert(document.cookie)>
Save the rule and see an XSS pop-up.
Neil Lathwood validated this vulnerability a year ago
ribersec has been awarded the disclosure bounty
The fix bounty is now up for grabs
Neil Lathwood marked this as fixed in 22.2.2 with commit 703745 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
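The payload in the report starts with `">`, which closes an attribute value and its tag before opening a new element. The following is an added example, not LibreNMS code and not the fix in commit 703745: it renders that stored value with and without attribute-context encoding, then parses the output to check for injected markup. The helper names and the `<input>` template are hypothetical, and the assumption is that the stored query text is echoed into an HTML attribute.

```php
<?php
// Added example: hypothetical rendering helpers, not LibreNMS code.

// Constructed stored value: the payload from the report, as read back from storage.
$storedQuery = '"><img src=x onerror=alert(document.cookie)>';

// Vulnerable pattern: stored text concatenated straight into an attribute value.
function renderRuleUnsafe(string $query): string
{
    return '<input type="text" name="query" value="' . $query . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function renderRuleSafe(string $query): string
{
    $encoded = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="query" value="' . $encoded . '">';
}

// Regression check: parse the fragment and report anything besides the one
// expected <input>, plus any on* event-handler attribute.
function findInjectedMarkup(string $html): array
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // the broken markup in the unsafe case is expected
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $findings = [];
    $body = $doc->getElementsByTagName('body')->item(0);
    foreach ($body->getElementsByTagName('*') as $el) {
        if ($el->nodeName !== 'input') {
            $findings[] = "unexpected element <{$el->nodeName}>";
        }
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $findings[] = "event handler {$attr->name} on <{$el->nodeName}>";
            }
        }
    }
    return $findings;
}

$rendered = ['unsafe' => renderRuleUnsafe($storedQuery), 'safe' => renderRuleSafe($storedQuery)];
foreach ($rendered as $label => $html) {
    $findings = findInjectedMarkup($html);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'no injected markup', PHP_EOL;
}
```

The same parse-and-inspect check can run in a test suite against any template that displays user-editable rule fields, so a regression in output encoding fails the build instead of reaching users.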