Dom XSS in module "Search IPv4" in librenms/librenms

Valid

Reported on

Aug 19th 2023


Description

1. Access the IPv4 search function.

2. Enter the payload in the IPv4 field to perform the search.

   Payload: "><script>alert(document.cookie)</script>

3. Click the search button and the payload will be executed.

PoC

Video PoC: https://drive.google.com/file/d/1A-zwXxsA-7GHa0iGfRGQc61JkOb-4A38/view?usp=sharing

Impact

XSS can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise. The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account. It can also execute arbitrary client-side scripts, etc.
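The report's payload works because the search term is echoed back into the page's markup without encoding, and the leading `">` closes the attribute and element it lands in. The following is an added example, not LibreNMS code: it models a hypothetical results renderer that reflects the IPv4 query into a `value=""` attribute (an assumption; the actual sink is not shown in the report), and shows the vulnerable rendering beside the encoded form plus an input-validation check a defender would add.

```javascript
// Added example, not part of LibreNMS. The renderer below is a hypothetical
// stand-in for a DOM sink that reflects the IPv4 search term into markup.
const PAYLOAD = '"><script>alert(document.cookie)</script>'; // payload from the report

// Vulnerable pattern: raw string concatenation into a quoted attribute.
// The payload's leading `"` closes value="", `>` closes the <input>,
// and the <script> element that follows becomes live markup.
function renderVulnerable(query) {
  return `<input type="text" name="ipv4" value="${query}">`;
}

// Encode the five characters that matter in HTML text and quoted attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: encode before interpolation so the payload stays inert text.
function renderEscaped(query) {
  return `<input type="text" name="ipv4" value="${escapeHtml(query)}">`;
}

// Defence in depth: an IPv4 search term only ever needs digits and dots
// (a partial prefix such as "10.0" is allowed for prefix searches).
// Rejecting anything else closes the sink regardless of how it is templated.
const IPV4_SEARCH = /^\d{1,3}(?:\.\d{1,3}){0,3}$/;
function isPlausibleIpv4Search(query) {
  return IPV4_SEARCH.test(query);
}

// Simple regression check for templates: rendered output must never gain
// a <script start tag that was not in the template.
function countScriptTags(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Preferred DOM-side fix in a browser: set the property, never innerHTML.
function setSearchValue(inputEl, query) {
  inputEl.value = query; // value is a property write, not markup parsing
}
```

With the constructed payload, `renderVulnerable` yields markup containing one `<script` tag while `renderEscaped` yields none, and `isPlausibleIpv4Search` rejects the payload outright.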

We are processing your report and will contact the librenms team within 24 hours. 4 months ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists 4 months ago
We have contacted a member of the librenms team and are waiting to hear back 4 months ago
Trunggg02
3 months ago

Researcher


@admin Is there any feedback from the developer?

Trunggg02
3 months ago

Researcher


@maintainer? any update on this?

Tony Murray
3 months ago

Maintainer


PoC video is deleted. Occurrences link is bogus.

Tony Murray validated this vulnerability 3 months ago

Please make sure Occurrences link is valid, to respect maintainer's time.

Trunggg02 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Tony Murray marked this as fixed in 23.9.0 with commit e4c46a 3 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Sep 15th 2023
Trunggg02
3 months ago

Researcher


@Tony Murray Video Poc link is still accessible

Tony Murray published this vulnerability 3 months ago
HaiNguyen
3 months ago

@trunggg02, pro vip

Trunggg02
3 months ago

Researcher


@haido, dirty

HaiNguyen
3 months ago

@trunggg02, How can I contact you? You are so pro
