LibreNMS Cross-site Scripting at Device groups Deletion feature

Summary XSS attacks occurs when application is not sanitising inputs properly and rendering the code from user input to browser which could allow an attacker to execute malicious javascript code. PoC 1. Login 2. Create a device group in /device-groups 3. Name it as " 4. save it 5. Go to services...

PT-2023-31372 · Librenms · Librenms

Name of the Vulnerable Software and Affected Versions: librenms versions prior to 23.9.0 Description: The issue is related to Cross-site Scripting XSS - Stored, which affects the GitHub repository librenms/librenms. Recommendations: For versions prior to 23.9.0, update to version 23.9.0 or later ...

GHSA-325V-G5VX-WHXC LibreNMS vulnerable to Cross-Site Scripting (XSS)

LibreNMS version 22.6.0 was discovered to contain a cross-site scripting XSS vulnerability via the component oxidized-cfg-check.inc.php...