HTML Injection in librenms/librenms

Valid

Reported on

Aug 18th 2023


Description

I think your website is quite secure.

But you overlooked the HTML Injection vulnerability (ID:WSTG-CLNT-03 of OWASP).

Proof of Concept

1 .Login with demo account

2 .Access the link https://demo.librenms.org/search/search=ipv4 and insert the payload

      search=<b>test/b>

3 .Hit enter, html injection vulnerability detected

Proof of Concept

Video Poc

https://drive.google.com/file/d/1SKLGEsaeFXrWopBckrFcGRAG0N2RMoQA/view?usp=sharing

Impact

Credential theft: An attacker can use JavaScript code to obtain sensitive information from a user's browser, such as usernames, passwords, credit card information, and personal data. other.

Browser redirection: Attackers can redirect users to fake or malicious websites, often to scam users or install malware.

Change website content: An attacker can change the content of the affected website, causing confusion for users or creating fake messages.

We are processing your report and will contact the librenms team within 24 hours. 6 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 6 months ago
HaiNguyen modified the report
6 months ago
HaiNguyen
6 months ago

Researcher


hi , i detected the html injection persisted in the link: https://demo.librenms.org/health/metric=processor

HaiNguyen modified the report
6 months ago
HaiNguyen modified the report
6 months ago
We have contacted a member of the librenms team and are waiting to hear back 6 months ago
HaiNguyen
6 months ago

Researcher


hi, any update for this?

HaiNguyen
6 months ago

Researcher


@mantainer? any update on this?

Tony Murray validated this vulnerability 5 months ago
hainguyen0207 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 23.9.0 with commit 119493 5 months ago
The fix bounty has been dropped
HaiNguyen
5 months ago

Researcher


oke ,thank you very much

This vulnerability has now been published 5 months ago
to join this conversation