
CVE-2022-4067: Cross-site Scripting in librenms/librenms

CVSS Score (v3.1): 5.4

Basic Information

EPSS Score: 0.99556%
Published: 11/20/2022
Updated: 2/1/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Package Name: librenms/librenms
Ecosystem: composer
Vulnerable Versions: < 22.10.0
First Patched Version: 22.10.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The GitHub commit 8e85698 shows three instances in notifications.inc.php where $notif['title'] was echoed into the page without escaping. The fix wraps each of these outputs in htmlentities() so the title is HTML-escaped before it reaches the browser. Because notification titles are user-controlled (they come from stored data), the missing escaping in these echo statements directly enabled stored XSS. The file path and the pattern (unescaped output of stored, attacker-influenced data) match the CWE-79 description and the patch context.
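As an added illustration of the pattern described above (this is not LibreNMS code and not the commit's diff; the function names, the ENT_QUOTES/ENT_SUBSTITUTE flags and the sample notification are this example's own assumptions), here is the unescaped echo beside its htmlentities()-escaped form, plus a small check a maintainer could keep as a regression test:

```php
<?php
// Added example, not LibreNMS code. Function names and flags are assumptions.
declare(strict_types=1);

// Before: the stored title is concatenated straight into HTML, so any tags
// or quotes inside it are interpreted by the browser (CWE-79, stored XSS).
function render_title_vulnerable(array $notif): string
{
    return '<h4>' . $notif['title'] . '</h4>';
}

// After: htmlentities() converts &, <, >, " and ' into entities so the title
// is displayed as text. The page only says htmlentities() was added; passing
// ENT_QUOTES | ENT_SUBSTITUTE and 'UTF-8' explicitly is this example's
// choice, so single quotes are covered and invalid byte sequences are
// replaced instead of silently producing an empty string.
function render_title_fixed(array $notif): string
{
    $safe = htmlentities($notif['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h4>' . $safe . '</h4>';
}

// Regression check: when the title contains HTML-significant characters,
// the rendered markup must not contain the title verbatim.
function leaks_raw_markup(string $html, string $title): bool
{
    $hasMarkupChars = strpbrk($title, '<>"\'&') !== false;
    return $hasMarkupChars && strpos($html, $title) !== false;
}

// Constructed sample notification; in the real bug the title came from
// stored data that a low-privileged user could influence.
$notif = ['title' => 'Disk <b>full</b> on "core-sw01"'];

foreach (['render_title_vulnerable', 'render_title_fixed'] as $renderer) {
    $html = $renderer($notif);
    $verdict = leaks_raw_markup($html, $notif['title']) ? 'UNESCAPED' : 'escaped';
    echo str_pad($renderer, 24), $verdict, ': ', $html, PHP_EOL;
}
```

Run with `php example.php`; the vulnerable renderer leaves the `<b>` tag and quotes intact while the fixed one emits entities, and leaks_raw_markup() flags only the former.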


WAF Protection Rules

WAF Rule

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0.
