CVE-2024-32479: LibreNMS's Improper Sanitization on Service template name leads to Stored XSS

First published: Mon Apr 22 2024(Updated: )

### Summary There is improper sanitization on Service template name which is reflecting in delete button onclick event. This value can be modified and crafted as any other javascript code. ### Vulnerable Code https://github.com/librenms/librenms/blob/a61c11db7e8ef6a437ab55741658be2be7d14d34/app/Http/Controllers/ServiceTemplateController.php#L67C23-L67C23 Above is vulnerable code line which needs to be properly sanitized ### PoC 1. Go to /services/templates 2. Enter name as `testing', '14', 'http://172.105.62.194:8000/services/templates/14');alert(1);//` 3. Submit it and try to delete it, you will see popup If you inspect element on delete button, you will notice this:- <img width="748" alt="Screenshot 2023-11-23 at 9 30 24 PM" src="https://user-images.githubusercontent.com/31764504/285260018-7672a93d-e29b-4444-8057-e6ffcb8dabfc.png"> ### Impact Cross site scripting can lead to cookie stealing or an attacker can execute any other feature using this feature.

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/weakness
• agent/first-publish-date
• agent/title
• agent/type
• agent/description
• agent/event
• collector/github-advisory-latest
• source/GitHub
• alias/GHSA-72m9-7c8x-pmmw
• alias/CVE-2024-32479
• agent/software-canonical-lookup
• agent/references
• collector/nvd-cve
• source/NVD
• agent/author
• collector/github-advisory
• collector/epss-latest
• source/FIRST
• agent/epss
• collector/mitre-cve
• source/MITRE
• agent/trending
• collector/nvd-api
• agent/remedy
• agent/last-modified-date
• agent/severity
• agent/softwarecombine
• agent/tags
• package-manager/composer
• vendor/librenms
• canonical/librenms librenms