HTTP: LibreNMS Notifications Title Stored Cross-Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability against LibreNMS Notifications. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 22.10.0.
Affected Products
Librenms librenms
Short Name
HTTP:XSS:LIBRENMS-NOTIF-TITLE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2022-3562 CVE-2022-4067 CVE-2022-4068 CVE-2022-4069 CVE-2023-4347 Cross-Site LibreNMS Notifications Scripting Stored Title
Release Date
12/15/2022
Supported Platforms
mx-19.3
vmx-19.3
vsrx-19.2
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vmx-19.4
mx-19.4
srxevo-25.4
vsrx-26.2
srx-26.2
srx-branch-26.2
vsrx3bsd-26.2
mx-12.3
srx-12.3
srx-branch-12.3
vsrx-12.3
Sigpack Version
3692
False Positive
Unknown
Vendors
Librenms