exploitDog

GHSA-86rg-8hc8-v82p

Published: Oct 13, 2025
Source: github
GitHub: reviewed
CVSS4: 5.5

Description

LibreNMS is vulnerable to Reflected-XSS in report_this function

Summary

Reflected-XSS in report_this function in librenms/includes/functions.php

Details

It was recently discovered that the report_this function filtered its input improperly (htmlentities was used on a value placed in an href attribute, where HTML encoding does not neutralise a URL scheme), which allowed the project_issues parameter to trigger an XSS vulnerability.

The Vulnerable Sink: https://github.com/librenms/librenms/blob/master/includes/functions.php#L444

PoC

GET project_issues=javascript:alert(document.cookie)

Impact

XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution.

Suggestion

It is recommended to reject dangerous URL schemes (e.g. javascript:, file:) before placing the value in an href attribute.
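The following is an added illustration, not LibreNMS code: it contrasts the encode-only pattern described above with a scheme allow-list applied before encoding. Function names and sample inputs are constructed for this example.

```php
<?php
// Added example (not from LibreNMS): why htmlentities() alone does not make a
// user-supplied value safe inside href="...", and a scheme allow-list that does.

// Encode-only pattern. Encoding keeps the value from breaking out of the
// attribute, but the browser still decodes it and treats the result as a URL,
// so a "javascript:" scheme is still executed when the link is followed.
function build_link_encode_only(string $url): string
{
    return '<a href="' . htmlentities($url, ENT_QUOTES, 'UTF-8') . '">report</a>';
}

// Hardened pattern: validate the URL scheme first, then encode for the
// attribute. Only http(s) URLs or scheme-less relative references pass.
function safe_href(string $url): ?string
{
    $url = trim($url);
    // Browsers ignore ASCII control characters when parsing a scheme, so the
    // check runs on a normalised copy; the original value is what gets encoded.
    $normalized = preg_replace('/[\x00-\x20\x7f]/', '', $url);
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $normalized, $m)) {
        if (!in_array(strtolower($m[1]), ['http', 'https'], true)) {
            return null; // unknown or dangerous scheme: reject
        }
    }
    return htmlentities($url, ENT_QUOTES, 'UTF-8');
}

function build_link_safe(string $url, string $fallback = '#'): string
{
    $href = safe_href($url) ?? $fallback;
    return '<a href="' . $href . '">report</a>';
}

// Constructed inputs for demonstration.
$inputs = [
    'https://github.com/librenms/librenms/issues',
    'javascript:alert(1)',
    "java\tscript:alert(1)",
    '/issues/new',
];
foreach ($inputs as $in) {
    printf("%-45s -> %s\n", $in, build_link_safe($in));
}
```

The second and third inputs fall back to `#`, while the first and last are encoded and kept.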

Packages

Name: librenms/librenms (composer)

Affected versions: <= 25.6.0

Fixed version: 25.7.0

EPSS

Percentile: 0%
0.00003
Low

5.5 Medium

CVSS4

Defects

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
4 months ago

LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected-XSS in `report_this` function in `librenms/includes/functions.php`. The `report_this` function had improper filtering (`htmlentities` function was incorrectly used in a href environment), which caused the `project_issues` parameter to trigger an XSS vulnerability. This vulnerability is fixed in 25.7.0.

EPSS

Percentile: 0%
0.00003
Low

5.5 Medium

CVSS4

Defects

CWE-79