GHSA-frc6-pwgr-c28w

Описание

Summary

LibreNMS <= 25.8.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the Transport name field is stored and later rendered in the Transports column of the Alert Rules page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser.

Details

• Injection point: Transport name field in /alert-transports.
• Execution point: Transports column in /alert-rules.
• Scope: Only administrators can create Alert Transports, and only administrators can view the affected Alert Rules page. Therefore, both exploitation and impact are limited to admin users.

Steps to reproduce

1. Log in with an administrator account.

2. Navigate to:

   http://localhost:8000/alert-transports

3. Click Create alert transport and provide the following values:

   • Transport name:

     'onfocus='alert(1)' autofocus=

   • Default Alert: ON

   • Email: test@gmail.com (or any valid email)

   Save the transport.

4. Navigate to http://localhost:8000/alert-rules. A popup alert(1) is triggered, confirming that the payload executes.

   

Impact

Only accounts with the admin role who access the Alert Rules page (http://localhost:8000/alert-rules) are affected.