Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-pm8j-3v64-92cq: LibreNMS Display Name Stored Cross-site Scripting vulnerability

Description:

XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):/device/$DEVICE_ID/edit -> param: display

of Librenms versions 24.9.0, 24.10.0, and 24.10.1 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.

Proof of Concept:

  1. Add a new device through the LibreNMS interface.

  2. Edit the newly created device by going to the “Device Settings” section.

  3. In the “Display Name” field, enter the following payload: "><script>alert(1)</script>. Screenshot from 2024-11-06 09-41-37

  4. Save the changes.

  5. The XSS payload triggers when accessing the “/apps” path (if an application was previously added). Screenshot from 2024-11-06 09-42-05

Additional PoC:

  1. In the “Display Name” field, enter the following payload: "><img src onerror="alert(1)">. image

  2. The XSS vulnerability is triggered when accessing the “/ports” path, and the payload executes when hovering over the modified value in the “Port” field. image

  • on /device/$DEVICE_ID/ports/arp path: image

  • on /device/$DEVICE_ID/logs path: image

  • on /search/search=arp/ path: image

Impact:

Execution of Malicious Code

ghsa
Open in Source
#xss#vulnerability#git#auth

Description:

XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):/device/$DEVICE_ID/edit -> param: display

of Librenms versions 24.9.0, 24.10.0, and 24.10.1 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.

Proof of Concept:

  1. Add a new device through the LibreNMS interface.

  2. Edit the newly created device by going to the “Device Settings” section.

  3. In the “Display Name” field, enter the following payload: "><script>alert(1)</script>.

  4. Save the changes.

  5. The XSS payload triggers when accessing the “/apps” path (if an application was previously added).

Additional PoC:

  1. In the “Display Name” field, enter the following payload: "><img src onerror="alert(1)">.

  2. The XSS vulnerability is triggered when accessing the “/ports” path, and the payload executes when hovering over the modified value in the “Port” field.

  • on /device/$DEVICE_ID/ports/arp path:

  • on /device/$DEVICE_ID/logs path:

  • on /search/search=arp/ path:

Impact:

Execution of Malicious Code

References

  • GHSA-pm8j-3v64-92cq
  • librenms/librenms@afe92db

ghsa: Latest News

GHSA-g84x-g96g-rcjc: Librenms has a reflected XSS on error alert
ghsa