CVE-2025-47931: LibreNMS stored Cross-site Scripting vulnerability in poller group name
(updated )
LibreNMS v25.4.0 suffers from Stored Cross-Site Scripting (XSS) Vulnerability in the ‘group name’ parameter of the ‘http://localhost/poller/groups’ form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
———————————POC—————————–
Before Setting: Enable ‘distributed_poller’ in http://localhost/settings/poller/distributed
- Attacker creates a new poller group and injects the payload in the ‘group name’ parameter
payload: <script>alert('XSS')</script>
- Victim navigates to the ‘http://localhost/addhost’ to add a new host
- The payload is executed
code sink: https://github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php#L284
References
- github.com/advisories/GHSA-hxw5-9cc5-cmw5
- github.com/librenms/librenms
- github.com/librenms/librenms/blob/25.4.0/includes/html/pages/addhost.inc.php
- github.com/librenms/librenms/commit/88fe1a7abdb500d9a2d4c45f9872df54c9ff8062
- github.com/librenms/librenms/pull/17603
- github.com/librenms/librenms/security/advisories/GHSA-hxw5-9cc5-cmw5
- nvd.nist.gov/vuln/detail/CVE-2025-47931
Code Behaviors & Features
Detect and mitigate CVE-2025-47931 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →