DOM XSS in https://demo.librenms.org/eventlog in librenms/librenms
Aug 19th 2023
I noticed your website is very secure, but you overlooked an XSS flaw.
1. Log in with the demo account.
2. Go to the link https://demo.librenms.org/eventlog and click Filter.
3. Use Burp Suite as an intercepting proxy and inject the payload in eventtype:
4. Check that the XSS is detected.
Proof of Concept
This security vulnerability has the potential to steal multiple users' cookies, gain unauthorized access to that user's account through stolen cookies, or redirect the user to other malicious websites...