Details

    • Bug
    • Resolution: Fixed
    • Minor
    • None
    • CE-22.5
    • Discovery

    Description

      Observium is vulnerable to HTML injection via LLDP neighbour discovery. This happens if a port sees a neighbour with a system name of <script>alert('injection!')</script>.

      In the "neighbours view" of that port, a yellow triangle will be shown to indicate that autodiscovery is not working properly. Hovering over that triangle will trigger the injected payload.

      Keep up the good work! Cheers!
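      To make the bug class in the report concrete, the following is an added illustration; it is not Observium's code and not the change made in r12943. The array keys, function names and markup are assumed, and the neighbour record is constructed. What it shows is the trust boundary that matters here: lldpRemSysName is announced by whatever device is plugged into a monitored port, so it is attacker-controlled input that reaches an HTML title attribute and tooltip body, and the fix is to escape it for that context at output time.

```php
<?php
declare(strict_types=1);

// Added example, not Observium's code. It reproduces the bug class from the
// report: a neighbour's LLDP sysName (lldpRemSysName in LLDP-MIB, learned by
// discovery over SNMP) is copied into the "neighbours view" HTML without
// escaping. Array keys, function names and markup below are hypothetical.

/** Escape a string for an HTML text node or a double-quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Vulnerable: the warning triangle's title attribute and the tooltip body are
 * built by string concatenation. A sysName such as
 * <script>alert('injection!')</script> lands on the page as live markup, and a
 * value containing a double quote breaks out of the title attribute and can add
 * event-handler attributes of its own.
 */
function render_neighbour_warning_unsafe(array $n): string
{
    $msg = 'Autodiscovery failed for neighbour ' . $n['remote_sysname']
         . ' on remote port ' . $n['remote_port'];

    return '<span class="text-warning" title="' . $msg . '">&#9650;</span>'
         . '<div class="tooltip-body">' . $msg . '</div>';
}

/**
 * Fixed: build the message as plain text, then escape it once at each point
 * where it is emitted into HTML. Escaping at output rather than at discovery
 * time keeps the raw sysName intact in the database for searching and alerting
 * and avoids double-encoding.
 */
function render_neighbour_warning_safe(array $n): string
{
    $msg = 'Autodiscovery failed for neighbour ' . $n['remote_sysname']
         . ' on remote port ' . $n['remote_port'];

    return '<span class="text-warning" title="' . h($msg) . '">&#9650;</span>'
         . '<div class="tooltip-body">' . h($msg) . '</div>';
}

/**
 * Regression check: parse the rendered fragment and refuse any <script>
 * element or any on* event-handler attribute. Encoded text such as
 * &lt;script&gt; never becomes an element, so only real break-outs fail.
 */
function output_is_escaped(string $html): bool
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    if (!$doc->loadHTML('<body>' . $html . '</body>', LIBXML_NOERROR | LIBXML_NOWARNING)) {
        return false;
    }
    if ($doc->getElementsByTagName('script')->length > 0) {
        return false;
    }
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                return false;
            }
        }
    }
    return true;
}

// Constructed neighbour record, as a device plugged into a monitored port could
// announce it over LLDP. The sysName is the payload from the report; the port
// ID adds a double quote to show attribute break-out as well.
$neighbour = [
    'remote_sysname' => "<script>alert('injection!')</script>",
    'remote_port'    => 'Gi0/1" onmouseover="alert(document.cookie)',
];

$unsafe = render_neighbour_warning_unsafe($neighbour);
$safe   = render_neighbour_warning_safe($neighbour);

printf("unsafe: %s\n        escaped? %s\n\n", $unsafe, output_is_escaped($unsafe) ? 'yes' : 'NO');
printf("safe:   %s\n        escaped? %s\n",   $safe,   output_is_escaped($safe)   ? 'yes' : 'NO');
```

      Run it with php on the command line. One caveat the escaping alone does not cover: if the tooltip is rendered client-side by a library told to treat the title as HTML, the browser has already decoded the entities when it read the attribute, so the library would re-insert the payload as markup; the tooltip must render its text as text. The check function is also the shape of a unit test worth keeping next to any view that prints SNMP-sourced strings (sysName, sysDescr, ifAlias, port descriptions), since all of them cross the same trust boundary.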

        Activity

          [OBS-4584] HTML injection vulnerability
          zluudg added a comment -

          Nice work!

          A question out of curiosity:

          Is this worth registering a CVE for? I'm curious because I reported two similar flaws in LibreNMS, and they went for a CVE in one of the cases but not the other. I would like to hear your opinions on this, if you have the time. Is it a real security vulnerability or is it contrived and artificial?

          Thanks!


          landy Mike Stupalov added a comment -

          Dear... who wants to do this

          Fixed in r12943.

          bot Observium Bot added a comment -

          General questions and device support can be discussed in our Discord channel.

          Please make and attach additional information about the device:

          • full snmp dump from device:

            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1 > myagent.snmpwalk
            snmpwalk -v2c -c <community> -t 3 -Cc --hexOutputLength=0 -Ih -ObentxU <hostname> .1.3.6.1.4.1 >> myagent.snmpwalk

            If the device does not support SNMP version 2c, replace -v2c with -v1.

          • If you have problems with discovery or poller processes, please run and attach these debugs:

            ./discovery.php -d -h <device>
            ./poller.php -d -h <device>

          • additionally attach device and/or vendor specific MIB files

          This comment is added automatically.

          People

            landy Mike Stupalov
            zluudg