LibreNMS
cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*
- < 26.3.0
A cross-site scripting (XSS) vulnerability has been identified in LibreNMS versions prior to 26.3.0. This issue resides on the showconfig page and requires administrative privileges for exploitation. When successfully exploited, the vulnerability allows XSS attacks to be executed against other users who have access to the page.
Successful exploitation lets an attacker inject malicious scripts that execute in the browser of any user who views the affected page.
To reproduce this vulnerability, an admin user must first enable RANCID Integration and configure a RANCID repository URL that points to a Git repository. Once these settings are in place, the admin can inject an XSS payload, such as an image tag with an 'onerror' event, into the RANCID Repository URL field. After saving the configuration, the injected script will be executed when the showconfig page is accessed.
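The bug class described above, as an added example that is not LibreNMS code and not taken from the advisory: an admin-controlled repository URL written into a page without escaping, next to a validated and escaped version. The function names, the http/https scheme allowlist and the sample values are assumptions constructed for illustration.

```php
<?php
// Added illustration; all function names are hypothetical, not LibreNMS APIs.

/** Accept only absolute http(s) URLs that contain no markup or control characters. */
function is_acceptable_repo_url(string $url): bool
{
    if (preg_match('/[<>"\'`\s\x00-\x1f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Assumed allowlist; extend it only with schemes the deployment really uses.
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

/** Unsafe pattern: the stored setting is concatenated into HTML as-is. */
function render_repo_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">' . $url . '</a>';
}

/** Hardened pattern: validate the setting, then escape it for HTML output. */
function render_repo_link_safe(string $url): string
{
    if (!is_acceptable_repo_url($url)) {
        return '<span>(invalid repository URL)</span>';
    }
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '" rel="noopener noreferrer">' . $escaped . '</a>';
}

// Constructed sample values: one ordinary URL, one that carries markup.
$samples = [
    'https://git.example.invalid/rancid.git',
    'https://git.example.invalid/"><b>markup</b>',
];
foreach ($samples as $s) {
    echo "input:  $s\n";
    echo "unsafe: " . render_repo_link_unsafe($s) . "\n";
    echo "safe:   " . render_repo_link_safe($s) . "\n\n";
}
```

Validation at save time and escaping at render time are independent controls; escaping alone already keeps the second sample from being parsed as markup.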