Lucene search
Vautia3CA7023E-D95C-423F-9E9A-222A67A8EE72HistorySep 21, 2022 - 6:16 p.m.
Stored Cross-Site Scripting (XSS)
2022-09-2118:16:25
vautia
www.huntr.dev
13
0.001 Low
EPSS
Percentile
19.5%
Description
There is insufficient input validation in the title of user notifications.
Proof of Concept
Steps to reproduce:
1. Log in to an admin account
2. Hover over the username & click on Notifications
3. Create a new notification with the Title `<script>alert(document.location)</script>` and an arbitrary message
4. The XSS is triggered whenever the notifications view is loaded
Related
cve
cve
CVE-2022-4067
2022-11-20 05:15:11
github
github
Cross-site Scripting in librenms/librenms
2022-11-20 06:30:16
nvd
nvd
CVE-2022-4067
2022-11-20 05:15:11
osv
osv
Cross-site Scripting in librenms/librenms
2022-11-20 06:30:16
CVE-2022-4067
2022-11-20 05:15:11
veracode
veracode
Cross-Site Scripting (XSS)
2022-11-21 15:06:16
cvelist
cvelist
CVE-2022-4067 Cross-site Scripting (XSS) - Stored in librenms/librenms
2022-11-20 00:00:00
cnvd
cnvd
LibreNMS Cross-Site Scripting Vulnerability (CNVD-2022-81232)
2022-11-22 00:00:00
prion
prion
Cross site scripting
2022-11-20 05:15:00