[OBS-4584] HTML injection vulnerability - Observium

Details

Type: Bug
Resolution: Fixed
Priority: Minor
Fix Version/s: None
Affects Version/s: CE-22.5
Component/s: Discovery
Labels:
- security

Description

Observium is vulnerable to HTML injection via LLDP neighbour discovery. This happens if a port sees a neighbour with a system name of <script>alert('injection!')</script>.

In the "neighbours view" of that port, a yellow triangle will be shown to indicate that autodiscovery is not working properly. Hovering over that triangle will trigger the injected payload.

Keep up the good work! Cheers!

Attachments

Activity

People

Assignee:: Mike Stupalov

Reporter:: zluudg

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2023/08/16 08:32 PM

Updated:: 2023/08/22 09:56 PM

Resolved:: 2023/08/17 02:45 PM