Please note for future reference that we ask people to contact us via email for security-related issues: https://docs.librenms.org/#General/Security/ and that GitHub isn't used for reporting any form of bugs or security issues.
lockbot
locked as resolved and limited conversation to collaborators
Nov 7, 2018
Hi,
The dashboard_name parameter is vulnerable to Persistent Cross-Site Scripting attacks through POST requests in the /ajax_form.php resource.
This vulnerability allows remote attackers to inject arbitrary web script or HTML.
Proof of concept (PoC)
Click on New Dashboard (+) and enter the payload "<script>alert('XSS PoC')</script>" in the name field.
Greetings!
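The pattern behind this report, as an added example that is not part of the original issue and is not LibreNMS code: a dashboard name stored verbatim and concatenated into markup, beside the same output encoded for the HTML context at render time. The function names and the in-memory store are hypothetical.

```php
<?php
// Added illustration; not LibreNMS code. All function names are hypothetical.
declare(strict_types=1);

// Constructed stand-in for the dashboards table: the name is stored verbatim,
// which is what makes the issue persistent rather than reflected.
function save_dashboard(array &$store, string $name): int
{
    $store[] = $name;
    return count($store) - 1;
}

// Vulnerable pattern: the stored value is concatenated into markup as-is.
function render_unsafe(array $store, int $id): string
{
    return '<option value="' . $id . '">' . $store[$id] . '</option>';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES covers both quote styles, so the result is also safe in attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(array $store, int $id): string
{
    return '<option value="' . $id . '" title="' . e($store[$id]) . '">'
        . e($store[$id]) . '</option>';
}

$store = [];
// Payload taken from the report above.
$id = save_dashboard($store, "<script>alert('XSS PoC')</script>");

echo render_unsafe($store, $id), PHP_EOL; // script element reaches the browser intact
echo render_safe($store, $id), PHP_EOL;   // name is displayed as inert text

// Regression check: no raw tag delimiters or quotes survive encoding.
if (strpbrk(e($store[$id]), '<>\'"') !== false) {
    throw new RuntimeException('dashboard name was not fully encoded');
}
```

Encoding at output rather than stripping at input keeps the stored name intact and protects every view that renders it, including rows written before the fix.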