CVE-2022-36746: Security fixes XSS in oxidized-cfg-check.inc.php and print-customoid.php by enferas · Pull Request #14126 · librenms/librenms

LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.


Signed-off-by: AL-KASSAR [email protected]

Security fixes

XSS in oxidized-cfg-check.inc.php: sanitize the output

XSS in print-customoid.php: cast the value to integer

Please note

Please read this information carefully. You can run ./lnms dev:check to check your code before submitting.

  • Have you followed our code guidelines?
  • If my Pull Request does some changes/fixes/enhancements in the WebUI, I have inserted a screenshot of it.
  • If my Pull Request makes discovery/polling/yaml changes, I have added/updated test data.

Testers

If you would like to test this pull request then please run: ./scripts/github-apply <pr_id>, i.e ./scripts/github-apply 5926
After you are done testing, you can remove the changes with ./scripts/github-remove. If there are schema changes, you can ask on discord how to revert.
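
The two mitigations named in the pull request (encode on output, cast to integer), shown as an added example that is not part of the pull request or of LibreNMS. The function names, markup and sample inputs are hypothetical and constructed for illustration; `mixed` requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers, not LibreNMS code: they illustrate the two fixes
// named in the pull request (sanitize the output, cast to integer).

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Fix 1: sanitize the output when echoing a request value back. */
function renderSearchResult(string $searchString, int $matches): string
{
    return sprintf('<p>%d match(es) for <code>%s</code></p>', $matches, h($searchString));
}

/** Fix 2: cast the value to integer before it reaches markup. */
function renderEditButton(mixed $rawId): string
{
    // (int) keeps only a leading numeric prefix; anything else becomes 0.
    $id = is_scalar($rawId) ? (int) $rawId : 0;
    if ($id <= 0) {
        return ''; // nothing numeric was supplied, so render no control
    }
    return sprintf('<button data-id="%d">Edit</button>', $id);
}

// Constructed inputs, as they might arrive in a request parameter.
$samples = ['<script>alert(1)</script>', '7" onmouseover="alert(1)', '42'];
foreach ($samples as $s) {
    echo renderSearchResult($s, 0), PHP_EOL;
    echo renderEditButton($s) ?: '(no button: id rejected)', PHP_EOL;
}
```

The cast silently accepts a numeric prefix (the second sample renders as id 7 with the trailing markup discarded); where a malformed id should be rejected outright, `filter_var($rawId, FILTER_VALIDATE_INT)` returns `false` for such input.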
