XSS attacks occurs when application is not sanitising inputs properly and rendering the code from user input to browser which could allow an attacker to execute malicious javascript code.
"><img src=x onerror=alert(1);>
https://github.com/librenms/librenms/blob/63eeeb71722237d1461a37bb6da99fda25e02c91/app/Http/Controllers/DeviceGroupController.php#L173C21-L173C21
Line 173 is not sanitizing device name properly <img width="793" alt="Screenshot 2023-11-08 at 9 26 14 PM" src="https://user-images.githubusercontent.com/31764504/281490570-5ae6e73a-37ce-4683-8bc8-81655abd8d09.png">
Cross site scripting can lead to cookie stealing attacks
{ "nvd_published_at": "2023-11-17T21:15:07Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-11-17T21:51:24Z" }