Описание
Librenms has a reflected XSS on error alert
XSS on the parameters:/addhost -> param: community
of Librenms versions 24.10.1 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.
Proof of Concept:
-
Navigate to the /addhost path.
-
Fill in all required fields.
-
In the Community field, enter the following payload:
"><img src=a onerror="alert(1)">. -
Submit the form to save changes. 5 The script will execute when the error alert "No reply with community + payload" appears.
Impact:
Execution of Malicious Code
Пакеты
librenms/librenms
<= 24.10.1
24.11.0
Связанные уязвимости
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.