DOM XSS in librenms/librenms


Reported on

Aug 19th 2023


I noticed your website is very secure.

But you overlooked an XSS flaw.


1. Log in with demo account.

2. Go to the link: and click Filter

3. Use Burp Suite to block proxy and inject payload in eventtype:


4. Check, detect XSS

Proof of Concept

Video PoC


This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...

We are processing your report and will contact the librenms team within 24 hours. 3 months ago
A GitHub Issue asking the maintainers to create a exists 3 months ago
HaiNguyen modified the report
3 months ago
HaiNguyen modified the report
3 months ago
We have contacted a member of the librenms team and are waiting to hear back 3 months ago
3 months ago


hi, any update for this?

Tony Murray
3 months ago


Invalid Occurrences link, please include valid link to not waste maintainer's time.

Tony Murray validated this vulnerability 3 months ago
HaiNguyen has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 23.9.0 with commit 03c4da 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Sep 15th 2023
3 months ago


OK, thank you

Tony Murray published this vulnerability 3 months ago