librenms/librenms is vulnerable to cross-site scripting. The vulnerability exists in `notifications.inc.php`
because the title is not escaped, which allows an attacker to inject and execute malicious JavaScript.
CPE

Name | Operator | Version
---|---|---
librenms/librenms | le | 22.9.0
github.com/advisories/GHSA-qch4-jmf8-xvp7
github.com/librenms/librenms/blob/master/includes/html/pages/notifications.inc.php#L87
github.com/librenms/librenms/commit/8e85698aa3aa4884c2f3d6c987542477eb64f07c
github.com/librenms/librenms/pull/14457
huntr.dev/bounties/3ca7023e-d95c-423f-9e9a-222a67a8ee72