LibreNMS DC-2024-XXXXX (to be filled by official source)

2024-11-19

Platform: LibreNMS

Version: (Unaffected versions to be filled by official source)

Vulnerability: Stored XSS

Severity: Critical

Date: Unknown

What Undercode Says:

LibreNMS suffers from a critical Stored XSS vulnerability in the “Services” tab of the Device page. This allows authenticated attackers to inject malicious scripts through the “descr” parameter when adding a service. These scripts can then run within the context of other users’ sessions, potentially compromising accounts and enabling unauthorized actions.

Exploit:

1. Access the edit device -> services workflow.

2. Inject the following payload in the “descr” parameter: `Descr'”>`

3. Save the service.

4. Other users visiting the affected

Impact:

– Account compromise

– Unauthorized actions on affected

Recommendation:

Upgrade to a fixed version of LibreNMS as soon as possible.
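
Because the script is stored with the service, descriptions saved before an upgrade remain in the database and are worth reviewing. The following is an added example, not code from LibreNMS or from this advisory: a Python audit over exported (service id, description) pairs that flags values containing markup and produces an HTML-escaped form for safe display. The row format, function name and sample values are assumptions constructed for illustration.

```python
import html
import re

# Heuristics for markup that has no place in a plain-text service description.
SUSPICIOUS = [
    ("html_tag", re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
    ("script_uri", re.compile(r"\bjavascript\s*:", re.I)),
    ("attr_breakout", re.compile(r"""['"]\s*/?>""")),
]


def audit_descriptions(rows):
    """Return findings for rows whose description contains markup.

    rows: iterable of (service_id, descr) tuples, e.g. from a database export
    (assumed format, not a LibreNMS API).
    """
    findings = []
    for service_id, descr in rows:
        text = descr or ""  # tolerate NULL descriptions
        reasons = [name for name, rx in SUSPICIOUS if rx.search(text)]
        if reasons:
            findings.append({
                "service_id": service_id,
                "reasons": reasons,
                # Escaped form: safe to show in a report or an HTML page.
                "escaped": html.escape(text, quote=True),
            })
    return findings


# Constructed sample rows (not real LibreNMS data).
SAMPLE_ROWS = [
    (1, "HTTP check on port 8080"),
    (2, "Ping <script>alert(1)</script>"),
    (3, "DNS'\"><b>bold</b>"),
    (4, "Latency < 5 ms, loss > 0"),  # plain comparison text, must not be flagged
    (5, None),
]

if __name__ == "__main__":
    for f in audit_descriptions(SAMPLE_ROWS):
        print(f["service_id"], ",".join(f["reasons"]), f["escaped"])
```

Flagged rows are candidates for manual review; the patterns are heuristics and do not replace output encoding in the application.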

References:

Reported By: Github.com