Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-g84x-g96g-rcjc: Librenms has a reflected XSS on error alert

XSS on the parameters:`/addhost` -> param: community of Librenms versions 24.10.1 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Navigate to the /addhost path. 2. Fill in all required fields. 3. In the Community field, enter the following payload: `"><img src=a onerror="alert(1)">`. ![image](https://github.com/user-attachments/assets/025a7692-e730-4e3b-bca7-761ed2a60cf7) 4. Submit the form to save changes. 5 The script will execute when the error alert "No reply with community + payload" appears. ![image](https://github.com/user-attachments/assets/4663e24a-4ff7-42f4-9c3d-3c5b5bf34017) **Impact:** Execution of Malicious Code

ghsa
Open in Source
#xss#git#auth
GHSA-c66p-64fj-jmc2: LibreNMS Misc Section Stored Cross-site Scripting vulnerability

# StoredXSS-LibreNMS-MiscSection **Description:** Stored XSS on the parameter: `ajax_form.php` -> param: state Request: ```http POST /ajax_form.php HTTP/1.1 Host: <your_host> X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: <your_XSRF_token> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: <your_cookie> type=override-config&device_id=1&attrib=override_icmp_disable&state="><img%20src%20onerror="alert(1)"> ``` of Librenms version 24.10.1 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. The vulnerability in the line: ```php $attrib_val = get_dev_attrib($device, $name); ``` within the `dynamic_override_config` function arises because the value of `$attrib_val is` retrieved from untrusted data without any sanitiz...

GHSA-27vf-3g4f-6jp7: LibreNMS Ports Stored Cross-site Scripting vulnerability

# StoredXSS-LibreNMS-Ports **Description:** Stored XSS on the parameter: `/ajax_form.php` -> param: descr Request: ```http POST /ajax_form.php HTTP/1.1 Host: <your_host> X-Requested-With: XMLHttpRequest X-CSRF-TOKEN: <your_XSRF_token> Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Cookie: <your_cookie> type=update-ifalias&descr=%22%3E%3Cimg+src+onerror%3D%22alert(1)%22%3E&ifName=lo&port_id=1&device_id=1 ``` of Librenms version 24.10.1 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device and select the "ports" section. 3. In the "Description" field, enter the following payload: `"><img src onerror="alert(1)">`. ...

GHSA-pm8j-3v64-92cq: LibreNMS Display Name Stored Cross-site Scripting vulnerability

**Description:** XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display of Librenms versions 24.9.0, 24.10.0, and 24.10.1 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device by going to the "Device Settings" section. 3. In the "Display Name" field, enter the following payload: `"><script>alert(1)</script>`. ![Screenshot from 2024-11-06 09-41-37](https://github.com/user-attachments/assets/6b44e049-5748-4f70-a667-c681cacec9da) 4. Save the changes. 5. The XSS payload triggers when accessing the "/apps" path (if an application was previously added). ![Screenshot from...

GHSA-p9v8-q5m4-pf46: CVE-2024-5138: snapd snapctl auth bypass

### Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using `snap run --shell firefox` followed by `snapctl mount`, since snapd validates the requesting user identity (root or non-root). The issue allows unprivileged users to bypass that check by crafting a malicious command line vector which confuses snapd into thinking the help message is requested. Unprivileged user on a default installation of Ubuntu, where firefox is as provided as a snap, may cause a denial-of-service attack by repeatedly mounting hunspell database over and over and eventually exhausting system memory. Other attacks, reliant on the same underying mechanism (mount), are possible. In all cases the snap must be installed and grated permission to perform this action (by connecting an appropriate snap interface), which requires administrative pr...

GHSA-2f4w-6mc7-4w78: LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

# StoredXSS-LibreNMS-Display Name 2 **Description:** XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display of Librenms versions 24.11.0 ([https://github.com/librenms/librenms](https://github.com/librenms/librenms)) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. **Proof of Concept:** 1. Add a new device through the LibreNMS interface. 2. Edit the newly created device by going to the "Device Settings" section. 3. In the "Display Name" field, enter the following payload: `"><img src onerror="alert(document.cookie)">`. ![image](https://github.com/user-attachments/assets/b1664e15-eba8-4cdd-b730-fb18936f109c) 4. Save the changes. 5. The XSS payload is triggered when navigating to the path /device/$DEVICE_ID/logs and hovering over a type contai...

Avery had credit card skimmer stuck on its site for months

Avery has confirmed its website was compromised by a credit card skimmer that potentially affected over 60,000 customers.

Strategic Approaches to Threat Detection, Investigation &amp; Response

By staying vigilant, agile, and prepared, organizations can turn TDIR from a defensive strategy into a proactive enabler of security and operational excellence.

Risk, Reputational Scores Enjoy Mixed Success as Security Tools

Part predictive analysis, part intuition, risk and reputation services are imperfect instruments at best — and better than nothing for most organizations and insurers.

Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

The digital world is exploding. IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day. Keeping up with it all can feel like trying to juggle chainsaws while riding a unicycle. Traditional trust management? Forget it. It's simply not built for today's fast-paced, hybrid environments. You need a