Описание
LibreNMS stored Cross-site Scripting vulnerability in poller group name
LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
---------------------------------POC-----------------------------
Before Setting: Enable 'distributed_poller' in http://localhost/settings/poller/distributed
- Attacker creates a new poller group and injects the payload in the 'group name' parameter
payload: <script>alert('XSS')</script>
- Victim navigates to the 'http://localhost/addhost' to add a new host
- The payload is executed
code sink: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284
Ссылки
- https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5
- https://nvd.nist.gov/vuln/detail/CVE-2025-47931
- https://github.com/librenms/librenms/pull/17603
- https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062
- https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284
Пакеты
Наименование
librenms/librenms
composer
Затронутые версииВерсия исправления
< 25.5.0
25.5.0
Связанные уязвимости
CVSS3: 6.1
nvd
9 месяцев назад
LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. LibreNMS v25.5.0 contains a patch for the issue.