GHSA-HXW5-9CC5-CMW5

Vulnerability from github – Published: 2025-05-19 16:22 – Updated: 2025-05-19 16:22
VLAI?
Summary
LibreNMS stored Cross-site Scripting vulnerability in poller group name
Details

LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the 'group name' parameter of the 'http://localhost/poller/groups' form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.

---------------------------------POC-----------------------------

Before Setting: Enable 'distributed_poller' in http://localhost/settings/poller/distributed 1. Attacker creates a new poller group and injects the payload in the 'group name' parameter

payload: <script>alert('XSS')</script>
  1. Victim navigates to the 'http://localhost/addhost' to add a new host
  2. The payload is executed

code sink: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284

Severity ?
2.1 (Low)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "librenms/librenms"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "25.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47931"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-19T16:22:53Z",
    "nvd_published_at": "2025-05-17T16:15:19Z",
    "severity": "LOW"
  },
  "details": "### LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the \u0027group name\u0027 parameter of the \u0027http://localhost/poller/groups\u0027 form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.\n\n## ---------------------------------POC-----------------------------\nBefore Setting: Enable \u0027distributed_poller\u0027 in http://localhost/settings/poller/distributed\n1. Attacker creates a new poller group and injects the payload in the \u0027group name\u0027 parameter\n```\npayload: \u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e\n```\n2. Victim navigates to the \u0027http://localhost/addhost\u0027 to add a new host\n3. The payload is executed\n\ncode sink:\nhttps://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284",
  "id": "GHSA-hxw5-9cc5-cmw5",
  "modified": "2025-05-19T16:22:53Z",
  "published": "2025-05-19T16:22:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47931"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/pull/17603"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/librenms/librenms"
    },
    {
      "type": "WEB",
      "url": "https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "LibreNMS stored Cross-site Scripting vulnerability in poller group name"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.