librenms/librenms is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the Transport name field in the alert-transports.inc.php file, allowing an attacker to inject and execute malicious JavaScript through the alerts module.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | librenms/librenms | le | 22.1.0 |

github.com/advisories/GHSA-rp34-85x3-3764
github.com/librenms/librenms/commit/135717a9a05c5bf8921f1389cbb469dcbf300bfd
github.com/librenms/librenms/pull/13775
huntr.dev/bounties/114ba055-a2f0-4db9-aafb-95df944ba177
notes.netbytesec.com/2022/02/multiple-vulnerabilities-in-librenms.html