GHSA-c86q-rj37-8f85

Source

https://github.com/advisories/GHSA-c86q-rj37-8f85

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/11/GHSA-c86q-rj37-8f85/GHSA-c86q-rj37-8f85.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c86q-rj37-8f85

Aliases

CVE-2024-49758

Published

2024-11-15T15:17:33Z

Modified

2024-11-15T21:10:02.363558Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

LibreNMS has a stored XSS in ExamplePlugin with Device's Notes

Details

Summary

The application fail to sanitising inputs properly and rendering the code from user input to browser which allow an attacker to execute malicious javascript code.

Details

User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger.

PoC

As an admin user, enable the ExamplePlugin.

Add the payload <img src="x" onerror="alert(document.cookie)"> into the device Notes

Once visit the Overview of the Device, a pop-up will show up.

Impact

It could allow authenticated users to execute arbitrary JavaScript code in the context of other users' sessions. Impacted users could have their accounts compromised, enabling the attacker to perform unauthorized actions on their behalf.

Database specific

{
    "nvd_published_at": "2024-11-15T16:15:34Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-11-15T15:17:33Z"
}

References

Affected packages

Packagist / librenms/librenms

Package

Name: librenms/librenms
Purl: pkg:composer/librenms/librenms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.10.0

Affected versions

1.*

1.19

1.20

1.20.1

1.21

1.22

1.22.01

1.23

1.24

1.25

1.26

1.27

1.28

1.29

1.30

1.30.01

1.31

1.31.01

1.31.02

1.31.03

1.32

1.32.01

1.33

1.33.01

1.34

1.35

1.36

1.36.01

1.37

1.38

1.39

1.40

1.41

1.42

1.42.01

1.43

1.44

1.45

1.46

1.47

1.48

1.48.1

1.49

1.50

1.50.1

1.51

1.52

1.53

1.53.1

1.54

1.55

1.56

1.57

1.58

1.58.1

1.59

1.60

1.61

1.62

1.62.1

1.62.2

1.63

1.64

1.64.1

1.65

1.65.1

1.66

1.67

1.68

1.69

1.70.0

1.70.1

21.*

21.1.0

21.2.0

21.3.0

21.4.0

21.5.0

21.5.1

21.6.0

21.7.0

21.8.0

21.9.0

21.9.1

21.10.0

21.10.1

21.10.2

21.11.0

21.12.0

21.12.1

22.*

22.1.0

22.2.0

22.2.1

22.2.2

22.3.0

22.4.0

22.4.1

22.5.0

22.6.0

22.7.0

22.8.0

22.9.0

22.10.0

22.11.0

22.12.0

23.*

23.1.0

23.1.1

23.2.0

23.4.0

23.4.1

23.5.0

23.6.0

23.7.0

23.8.0

23.8.1

23.8.2

23.9.0

23.9.1

23.10.0

23.11.0

24.*

24.1.0

24.2.0

24.3.0

24.4.0

24.4.1

24.5.0

24.6.0

24.7.0

24.8.0

24.8.1

24.9.0

24.9.1

Database specific

{
    "last_known_affected_version_range": "<= 24.9.0"
}