Cross-site Scripting (XSS) - Stored in librenms/librenms
Valid
Reported on
Feb 18th 2022
Stored-xss is possible when adding a rule.
Create a new Alert Rule (like below) and adjust the query like below with the following payload
"><img src=x onerror=alert(document.cookie)>
Save the rule and see a xss-pop up.
We are processing your report and will contact the
librenms
team within 24 hours.
3 months ago
We have contacted a member of the
librenms
team and are waiting to hear back
3 months ago
Neil Lathwood modified the report
3 months ago
ribersec modified the report
3 months ago
We have sent a
follow up to the
librenms
team.
We will try again in 7 days.
3 months ago
Neil Lathwood modified the report
3 months ago
Neil Lathwood modified the report
3 months ago
The fix bounty has been dropped
to join this conversation