Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrFaisalfs10xD943D95C-076F-441A-AB21-CBF6B15F6768
HistoryFeb 13, 2022 - 2:30 a.m.

Cross-site Scripting (XSS) - Stored in librenms/librenms

2022-02-1302:30:59
faisalfs10x
www.huntr.dev
11

0.001 Low

EPSS

Percentile

26.4%

JSON

Description

Stored XSS in create/modify Transport Groups, Add/Edit Service and Edit Service Template

Proof of Concept

Payload:

'><body onload=alert(/XSS/)>

~

PoC image:

Xss payload in create/modify Transport Groups

Xss payload in Add/Edit Service

Xss payload in Edit Service Template

~

XSS will fire-up by user visiting:

1 http://{HOST}/alert-transports

2 http://{HOST}/device/{id}/services

Impact

This vulnerability is capable of running malicious javascript code on web pages.

Related

osv 2
veracode 1
nvd 1
cve 1
cnvd 1
cvelist 1
prion 1
github 1
osv
osv
CVE-2022-0589
2022-02-15 09:15:06
Cross-site Scripting in librenms
2022-02-16 00:01:51
veracode
veracode
Cross-site Scripting (XSS)
2022-02-16 13:41:04
nvd
nvd
CVE-2022-0589
2022-02-15 09:15:06
cve
cve
CVE-2022-0589
2022-02-15 09:15:06
cnvd
cnvd
librenms Cross-Site Scripting Vulnerability (CNVD-2022-12750)
2022-02-17 00:00:00
cvelist
cvelist
CVE-2022-0589 Cross-site Scripting (XSS) - Stored in librenms/librenms
2022-02-15 08:10:10
prion
prion
Cross site scripting
2022-02-15 09:15:00
github
github
Cross-site Scripting in librenms
2022-02-16 00:01:51

0.001 Low

EPSS

Percentile

26.4%

JSON
Related for D943D95C-076F-441A-AB21-CBF6B15F6768
osv2veracode1nvd1cve1cnvd1cvelist1prion1github1