GHSA-pm8j-3v64-92cq

Source
https://github.com/advisories/GHSA-pm8j-3v64-92cq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-pm8j-3v64-92cq/GHSA-pm8j-3v64-92cq.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-pm8j-3v64-92cq
Aliases
  • CVE-2025-23198
Published
2025-01-16T17:21:20Z
Modified
2025-01-17T16:01:12.781717Z
Severity
  • 4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
LibreNMS Display Name Stored Cross-site Scripting vulnerability
Details

Description:

Stored XSS via the following parameter (replace $DEVICE_ID with the ID of the specific device):

/device/$DEVICE_ID/edit -> param: display

in LibreNMS versions 24.9.0, 24.10.0, and 24.10.1 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with a page that displays the stored value, the script executes, leading to potential unauthorized actions or data exposure.

Proof of Concept:

  1. Add a new device through the LibreNMS interface.
  2. Edit the newly created device by going to the "Device Settings" section.
  3. In the "Display Name" field, enter the following payload: "><script>alert(1)</script>
  4. Save the changes.
  5. The XSS payload triggers when accessing the "/apps" path (if an application was previously added).

Additional PoC:

  1. In the "Display Name" field, enter the following payload: "><img src onerror="alert(1)">
  2. The XSS is triggered when accessing the "/ports" path; the payload executes when hovering over the modified value in the "Port" field. It is also triggered:
     • on the /device/$DEVICE_ID/ports/arp path
     • on the /device/$DEVICE_ID/logs path
     • on the /search/search=arp/ path

Impact:

Execution of Malicious Code
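As an added example that is not part of this advisory or of LibreNMS's own code: a small Python audit that flags device display names carrying HTML tags or inline event handlers (useful for finding values planted before an upgrade to 24.11.0) and shows the escaped form such a value must take when a template renders it. The device rows are constructed sample data, not a LibreNMS schema, and include the two payloads quoted in the proof of concept.

```python
import html
import re

# Constructed sample of (device_id, display name) rows. Rows 2 and 3 carry the
# two payloads quoted in the advisory; the other two are ordinary names.
SAMPLE_DEVICES = [
    (1, "core-sw-01"),
    (2, '"><script>alert(1)</script>'),
    (3, '"><img src onerror="alert(1)">'),
    (4, "Edge Router (Site B)"),
]

# An HTML tag (opening or closing) or an inline event-handler attribute such as
# onerror=, neither of which has any business in a device display name.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z][^>]*>|\bon[a-z]+\s*=", re.IGNORECASE)


def is_suspicious(display: str) -> bool:
    """True if the display name contains a tag or an inline event handler."""
    return MARKUP_RE.search(display) is not None


def audit_display_names(rows):
    """Return the (device_id, display) pairs whose display name looks like injected HTML."""
    return [(device_id, name) for device_id, name in rows if is_suspicious(name)]


def render_display(display: str) -> str:
    """Escape a display name as a fixed template should before it reaches the page.

    quote=True also encodes the double quote, which is what closes the attribute
    in both payloads ('">...'); without it the value could still break out of an
    attribute context.
    """
    return html.escape(display, quote=True)


if __name__ == "__main__":
    for device_id, name in audit_display_names(SAMPLE_DEVICES):
        print(f"device {device_id}: suspicious display name, would render as {render_display(name)}")
```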

Database specific
{
    "nvd_published_at": "2025-01-16T23:15:08Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2025-01-16T17:21:20Z"
}
References

Affected packages

Packagist / librenms/librenms

Package

Name
librenms/librenms
Purl
pkg:composer/librenms/librenms

Affected ranges

Type
ECOSYSTEM
Events
Introduced
24.9.0
Fixed
24.11.0

Affected versions

24.*

24.9.0
24.9.1
24.10.0
24.10.1

Database specific

{
    "last_known_affected_version_range": "< 24.10.1"
}