Reflected-XSS in report_this function in librenms/includes/functions.php
Recently, it was discovered that the report_this function had improper filtering (htmlentities function was incorrectly used in a href environment), which caused the project_issues parameter to trigger an XSS vulnerability.
The Vulnerable Sink:
https://github.com/librenms/librenms/blob/master/includes/functions.php#L444
GET
project_issues=javascript:alert(document.cookie)
XSS vulnerabilities allow attackers to execute malicious scripts in users' browsers, enabling unauthorized access to sensitive data, session hijacking, or malware distribution.
It is recommended to filter dangerous protocols, e.g. javascript:/file:.
| Score | Percentile |
|---|---|
| 0.00% | 0.03% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.5 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-86rg-8hc8-v82p ↗ |
| CVE | CVE-2025-62365 ↗ |
| CWE id | Name |
|---|---|
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| composer | librenms/librenms | <= 25.6.0 | 25.7.0 | — |