librenms

Valid

Reported on

Aug 19th 2023

Description

I noticed, your website is very secure.

But you overlooked a flaw XSS

Detail:

1 .Login with demo account.

2 .Go to the link: https://demo.librenms.org/eventlog and click Filter

3 .Use burp suite to block proxy and inject payload in eventtype:

test\%22-alert(document.cookie)//

4 .Check, detect xss

Proof of Concept

Video Poc

https://drive.google.com/file/d/1T87Ujnhd5-Je_LSL2uZOqGP5pNt6KT1A/view?usp=sharing

Impact

This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...

We are processing your report and will contact the librenms team within 24 hours. 3 months ago

A GitHub Issue asking the maintainers to create a SECURITY.md exists 3 months ago

HaiNguyen modified the report

3 months ago

HaiNguyen modified the report

3 months ago

We have contacted a member of the librenms team and are waiting to hear back 3 months ago

HaiNguyen

commented 3 months ago

Researcher

hi, any update for this?

Tony Murray

commented 3 months ago

Maintainer

Invalid Occurrences link, please include valid link to not waste maintainer's time.

Tony Murray validated this vulnerability 3 months ago

HaiNguyen has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Tony Murray marked this as fixed in 23.9.0 with commit 03c4da 3 months ago

The fix bounty has been dropped

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Sep 15th 2023

HaiNguyen

commented 3 months ago

Researcher

oke ,thank you

Tony Murray published this vulnerability 3 months ago

to join this conversation

We are processing your report and will contact the librenms team within 24 hours. 3 months ago

A GitHub Issue asking the maintainers to create a SECURITY.md exists 3 months ago

HaiNguyen modified the report

3 months ago

HaiNguyen modified the report

3 months ago

We have contacted a member of the librenms team and are waiting to hear back 3 months ago

HaiNguyen

commented 3 months ago

Researcher

hi, any update for this?

Tony Murray

commented 3 months ago

Maintainer

Invalid Occurrences link, please include valid link to not waste maintainer's time.

Tony Murray validated this vulnerability 3 months ago

HaiNguyen has been awarded the disclosure bounty

The fix bounty is now up for grabs

The researcher's credibility has increased: +7

Tony Murray marked this as fixed in 23.9.0 with commit 03c4da 3 months ago

The fix bounty has been dropped

This vulnerability has been assigned a CVE

This vulnerability is scheduled to go public on Sep 15th 2023

HaiNguyen

commented 3 months ago

Researcher

oke ,thank you

Tony Murray published this vulnerability 3 months ago

to join this conversation