Security Advisories: GSA_kwCzR0hTQS0yZjR3LTZtYzctNHc3OM4ABDb2

LibreNMS Display Name 2 Stored Cross-site Scripting vulnerability

StoredXSS-LibreNMS-Display Name 2

Description:

XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):/device/$DEVICE_ID/edit -> param: display

of Librenms versions 24.11.0 (https://github.com/librenms/librenms) allows remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure.

Proof of Concept:

1. Add a new device through the LibreNMS interface.
2. Edit the newly created device by going to the "Device Settings" section.
3. In the "Display Name" field, enter the following payload: "><img src onerror="alert(document.cookie)">.
   
4. Save the changes.
5. The XSS payload is triggered when navigating to the path /device/$DEVICE_ID/logs and hovering over a type containing a tag (such as Core 1 in the image).
   

Impact:

Execution of Malicious Code

Permalink: https://github.com/advisories/GHSA-2f4w-6mc7-4w78
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0yZjR3LTZtYzctNHc3OM4ABDb2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 13 days ago
Updated: 12 days ago

CVSS Score: 4.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

EPSS Percentage: 0.00043
EPSS Percentile: 0.1136

Identifiers: GHSA-2f4w-6mc7-4w78, CVE-2024-56144
References:

• https://github.com/librenms/librenms/security/advisories/GHSA-2f4w-6mc7-4w78
• https://github.com/librenms/librenms/pull/16886
• https://github.com/librenms/librenms/commit/c63c912d86098bcefd52a28328482b94632eadf8
• https://nvd.nist.gov/vuln/detail/CVE-2024-56144
• https://github.com/advisories/GHSA-2f4w-6mc7-4w78

Repository: https://github.com/librenms/librenms
Blast Radius: 1.4

Affected Packages