Description
Observium is vulnerable to HTML injection via LLDP neighbour discovery. This happens if a port sees a neighbour with a system name of <script>alert('injection!')</script>.
In the "neighbours view" of that port, a yellow triangle will be shown to indicate that autodiscovery is not working properly. Hovering over that triangle will trigger the injected payload.
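The rendering path the report describes, as an added example that is not Observium's own code: a constructed LLDP neighbour record whose announced system name carries the payload from the report, a hypothetical server-side tooltip fragment that interpolates it unescaped beside the same fragment with every remote-supplied value HTML-escaped, and an operator-side check that scans stored neighbour names for HTML metacharacters. The element names, field names and message text are assumptions; only the payload string comes from the report.

```python
import html
from typing import Dict, List

# Constructed sample neighbour record, as a poller might store it after
# walking LLDP-MIB. lldpRemSysName is an octet string chosen entirely by the
# remote device, so whatever the neighbour announces is stored verbatim.
NEIGHBOUR: Dict[str, object] = {
    "local_port": "Gi1/0/24",
    "remote_port": "ge-0/0/1",
    "remote_sysname": "<script>alert('injection!')</script>",  # payload from the report
    "autodiscovery_ok": False,  # what makes the yellow warning triangle appear
}


def tooltip_vulnerable(n: Dict[str, object]) -> str:
    """Hypothetical tooltip fragment for a neighbour that failed autodiscovery.
    The announced system name is interpolated into element content without
    escaping, so any markup it contains is parsed by the browser as HTML."""
    return ('<div class="tooltip-inner">Autodiscovery failed for neighbour '
            '%s (%s) seen on %s</div>'
            % (n["remote_sysname"], n["remote_port"], n["local_port"]))


def tooltip_fixed(n: Dict[str, object]) -> str:
    """Same fragment with every value that came from the remote device run
    through html.escape. quote=True also encodes ' and ", so the same helper
    is safe to reuse inside a quoted attribute such as title="..."."""
    def esc(v: object) -> str:
        return html.escape(str(v), quote=True)
    return ('<div class="tooltip-inner">Autodiscovery failed for neighbour '
            '%s (%s) seen on %s</div>'
            % (esc(n["remote_sysname"]), esc(n["remote_port"]), esc(n["local_port"])))


def contains_raw_tag(markup: str, payload: str) -> bool:
    """True when the payload reaches the markup untouched, i.e. a browser
    would parse it as a tag instead of displaying it as text."""
    return payload in markup


_HTML_META = set('<>"\'&')


def suspicious_neighbours(rows: List[Dict[str, object]]) -> List[str]:
    """Operator-side check: return announced system names that contain HTML
    metacharacters. Hostnames do not normally contain these, so a hit is worth
    a look regardless of whether the UI escapes them."""
    return [str(r["remote_sysname"]) for r in rows
            if _HTML_META & set(str(r["remote_sysname"]))]


if __name__ == "__main__":
    print(tooltip_vulnerable(NEIGHBOUR))
    print(tooltip_fixed(NEIGHBOUR))
    print(suspicious_neighbours([NEIGHBOUR, {"remote_sysname": "core-sw1.example.net"}]))
```

The escaping belongs at output time, in the template, rather than at poll time: the stored value is reused in several views and exports, and a neighbour can re-announce a different name on the next poll. The check in suspicious_neighbours is only a triage aid; it does not replace escaping.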
Keep up the good work! Cheers!
Nice work!
A question out of curiosity:
Is this worth registering a CVE for? I'm curious because I reported two similar flaws in LibreNMS, and they went for a CVE in one of the cases but not the other. I would like to hear your opinions on this, if you have the time. Is it a real security vulnerability or is it contrived and artificial?
Thanks!