CVE-2025-62411

Severity: MEDIUM (CVSS 5.5) | EPSS: 0.01%

LibreNMS has a Stored XSS vulnerability in its Alert Transport name field

Published: 10/16/2025 | Modified: 10/16/2025
Also known as: GHSA-frc6-pwgr-c28w

Description

### Summary

LibreNMS <= 25.8.0 contains a **Stored Cross-Site Scripting (XSS)** vulnerability in the Alert Transports management functionality. When an administrator creates a new Alert Transport, the value of the `Transport name` field is stored and later rendered in the **Transports** column of the **Alert Rules** page without proper input validation or output encoding. This leads to arbitrary JavaScript execution in the admin’s browser.

### Details

* **Injection point:** `Transport name` field in `/alert-transports`.
* **Execution point:** **Transports** column in `/alert-rules`.
* **Scope:** Only administrators can create Alert Transports, and only administrators can view the affected Alert Rules page. Therefore, both exploitation and impact are limited to admin users.

### Steps to reproduce

1. Log in with an administrator account.
2. Navigate to:
   ```
   http://localhost:8000/alert-transports
   ```
3. Click **Create alert transport** and provide the following values:
   * **Transport name:**
     ```html
     'onfocus='alert(1)' autofocus=
     ```
   * **Default Alert:** `ON`
   * **Email:** `[email protected]` (or any valid email)

   Save the transport.
4. Navigate to `http://localhost:8000/alert-rules`. A popup `alert(1)` is triggered, confirming that the payload executes.

### Impact

Only accounts with the admin role who access the **Alert Rules** page (`http://localhost:8000/alert-rules`) are affected.
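As an added illustration in PHP (LibreNMS's language), and not code from LibreNMS itself, the two rendering patterns for the Transports cell side by side: it assumes, hypothetically, that the stored name lands inside a single-quoted HTML attribute, which is the context the advisory's payload is shaped for, and the function names `renderTransportCellUnsafe`, `renderTransportCellSafe` and `attributeValueIsInert` are my own.

```php
<?php
// Added example (not LibreNMS code): rendering the "Transports" cell of the
// Alert Rules table from a stored transport name. The stored value below is
// the advisory's payload, embedded here as constructed input for comparison.
declare(strict_types=1);

// Vulnerable pattern: the stored name is concatenated straight into markup,
// so a single quote in the name terminates the attribute and whatever follows
// is parsed as further attributes of the element.
function renderTransportCellUnsafe(string $transportName): string
{
    return "<input type='text' value='" . $transportName . "'>";
}

// Hardened pattern: encode for an HTML attribute context. ENT_QUOTES matters:
// before PHP 8.1 the default flags leave single quotes untouched, which is
// exactly the quote the advisory's payload relies on. Laravel's Blade {{ }}
// and e() helper apply the same ENT_QUOTES | ENT_SUBSTITUTE encoding.
function renderTransportCellSafe(string $transportName): string
{
    $encoded = htmlspecialchars($transportName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' value='" . $encoded . "'>";
}

// Defender-side check for a rendered cell: the attribute value must contain no
// raw quote or angle bracket, i.e. nothing that can close the attribute or tag.
function attributeValueIsInert(string $html): bool
{
    // Capture everything between value=' and the attribute's closing quote.
    if (preg_match("/value='(.*)'>$/s", $html, $m) !== 1) {
        return false;
    }
    return preg_match("/['\"<>]/", $m[1]) === 0;
}

$storedName = "'onfocus='alert(1)' autofocus=";   // constructed: advisory payload

$unsafe = renderTransportCellUnsafe($storedName);
$safe   = renderTransportCellSafe($storedName);

printf("unsafe rendering inert: %s\n", attributeValueIsInert($unsafe) ? 'yes' : 'no');
printf("safe rendering inert:   %s\n", attributeValueIsInert($safe) ? 'yes' : 'no');
echo $safe, PHP_EOL;
```

Running it shows the unencoded cell failing the inertness check and the encoded cell passing it, with the quotes in the stored name rendered as `&#039;` entities.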

Affected packages (1)

CVSS scores

| Source | Version  | Severity   | Vector                                       |
|--------|----------|------------|----------------------------------------------|
| osv    | CVSS 3.1 | MEDIUM 5.5 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N |

References (6)