GHSA-2f4w-6mc7-4w78: LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability
StoredXSS-LibreNMS-Display Name 2
Description:
XSS on the display parameter of /device/$DEVICE_ID/edit (replace $DEVICE_ID with your device's ID) in LibreNMS version 24.11.0 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.
Proof of Concept:
- Add a new device through the LibreNMS interface.
- Edit the newly created device by going to the “Device Settings” section.
- In the “Display Name” field, enter the following payload:
  "><img src onerror="alert(document.cookie)">
- Save the changes.
- The XSS payload is triggered when navigating to the path /device/$DEVICE_ID/logs and hovering over a type containing a tag (such as Core 1 in the image).
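Added example, not code from the advisory or from LibreNMS: a minimal PHP sketch of the attribute-context rendering the PoC exploits (the display name landing in a tooltip on the logs page), next to the output-encoded form. The function names, the <span title="..."> markup and the "Core 1" label are assumptions for illustration.

```php
<?php
// Added example (not LibreNMS code). The advisory's payload ends up stored
// as a device display name; the logs page then places that name in a
// tooltip attribute. Markup shape and function names are assumed here.

declare(strict_types=1);

// Payload from the advisory, as it would be stored in the device record.
const STORED_DISPLAY_NAME = '"><img src onerror="alert(document.cookie)">';

// Vulnerable rendering: the stored string is interpolated raw into a title
// attribute (equivalent to Blade's {!! $name !!}). The leading "> closes the
// attribute and the element, so the <img> becomes a live element.
function renderTypeCellVulnerable(string $displayName): string
{
    return '<span title="' . $displayName . '">Core 1</span>';
}

// Hardened rendering: encode for an HTML attribute context. ENT_QUOTES
// neutralises both " and ', so the value can never terminate the attribute
// (this is what Blade's {{ $name }} does by default).
function renderTypeCellSafe(string $displayName): string
{
    $encoded = htmlspecialchars($displayName, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<span title="' . $encoded . '">Core 1</span>';
}

// Regression check suitable for a unit test: a single rendered cell must
// contain exactly one element opener. Any additional "<" followed by a
// letter means a tag from user data survived into the markup.
function containsInjectedTag(string $html): bool
{
    return preg_match_all('/<[a-z]/i', $html) > 1;
}

$vulnerable = renderTypeCellVulnerable(STORED_DISPLAY_NAME);
$safe       = renderTypeCellSafe(STORED_DISPLAY_NAME);

// The vulnerable cell carries a second element (the injected <img>);
// the encoded cell keeps the whole payload inert inside the attribute.
echo "vulnerable: $vulnerable\n";
echo "safe:       $safe\n";
echo "injected tag in vulnerable output: ", var_export(containsInjectedTag($vulnerable), true), "\n";
echo "injected tag in safe output:       ", var_export(containsInjectedTag($safe), true), "\n";
```

Encoding at output time is the fix; rejecting or stripping characters at input time is not equivalent, because the same stored value may be rendered in other contexts (attributes, text nodes, JSON) that each need their own encoding.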
Impact:
Execution of Malicious Code
CVE ID
CVE-2024-56144
Moderate severity (GitHub Reviewed). Published Jan 16, 2025 in librenms/librenms, updated Jan 16, 2025.
Package
composer librenms/librenms (Composer)
Affected versions
= 24.11.10
References
- GHSA-2f4w-6mc7-4w78
- librenms/librenms#16886
- librenms/librenms@c63c912
Published to the GitHub Advisory Database
Jan 16, 2025
Last updated
Jan 16, 2025