2024-11-19
Platform: LibreNMS
Version: (Unaffected versions to be filled by official source)
Vulnerability: Stored XSS
Severity: Critical
Date: Unknown
What Undercode Says:
LibreNMS suffers from a critical Stored XSS vulnerability in the “Services” tab of the Device page. This allows authenticated attackers to inject malicious scripts through the “descr” parameter when adding a service. These scripts can then run within the context of other users’ sessions, potentially compromising accounts and enabling unauthorized actions.
Exploit:
1. Access the edit device -> services workflow.
2. Inject the following payload in the “descr” parameter: `Descr'”>`
3. Save the service.
4. Other users visiting the affected
Impact:
– Account compromise
– Unauthorized actions on affected
Recommendation:
Upgrade to a fixed version of LibreNMS as soon as possible.
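The defensive side of the issue described above, as an added PHP example that is not LibreNMS code and not part of the original advisory: it contrasts writing a stored service description into the page as-is with encoding it at output time, and flags stored descriptions that deserve a review. The function names, the record layout with `id` and `descr` keys, and the sample records are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern: the stored description is concatenated into markup as-is,
// so quote and angle-bracket characters in it change the page structure.
function renderServiceRowUnsafe(array $svc): string
{
    return '<tr><td title="' . $svc['descr'] . '">' . $svc['descr'] . '</td></tr>';
}

// Hardened pattern: encode at output time for the HTML context.
// ENT_QUOTES covers both quote styles, which matters inside the title attribute.
function renderServiceRow(array $svc): string
{
    $descr = htmlspecialchars($svc['descr'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td title="' . $descr . '">' . $descr . '</td></tr>';
}

// Audit helper: values saved before an upgrade may still be in the database,
// so flag stored descriptions containing characters that can break out of
// HTML text or attribute context.
function findSuspiciousDescriptions(array $services): array
{
    return array_values(array_filter(
        $services,
        static fn (array $svc): bool => preg_match('/[<>"\'`]/', $svc['descr']) === 1
    ));
}

// Constructed sample records (hypothetical, not taken from a real installation).
$services = [
    ['id' => 1, 'descr' => 'HTTP check on core switch'],
    ['id' => 2, 'descr' => 'Descr\'"><b>marker</b>'], // harmless markup as a stand-in
    ['id' => 3, 'descr' => 'Latency < 20 ms'],         // benign text that still needs encoding
];

foreach ($services as $svc) {
    echo 'unsafe: ', renderServiceRowUnsafe($svc), PHP_EOL;
    echo 'safe:   ', renderServiceRow($svc), PHP_EOL;
}

foreach (findSuspiciousDescriptions($services) as $svc) {
    echo "review service id {$svc['id']}: ", json_encode($svc['descr']), PHP_EOL;
}
```

The audit helper is deliberately broad: record 3 is flagged even though it is ordinary text, which is why flagged entries are reviewed rather than deleted automatically.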
References:
Reported By: Github.com