Reflected XSS in 1.1.27 #1071

Closed
cibvetr2 opened this issue Nov 10, 2017 · 10 comments

@cibvetr2

commented Nov 10, 2017

We (worlak2 and cibvetr2) found a Reflected XSS vuln in the last version, 1.1.27. (For example, we found in Google a host with the last version of Cacti.)
PoC
1) http://128.65.97.6/host.php/gahv8'-alert(document.domain)-'w6vt7??host_status=-1&host_template_id=-1&site_id=-1&poller_id=-1&rows=-1&filter=&

With regards worlak2 and cibvetr2
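
A detection sketch for the request shape in the PoC above (quote characters in extra path segments appended after a `.php` script name), added here as an example; it is not part of the original issue or of Cacti's code. The log lines are constructed, and the names `suspicious_path_info` and `scan_log` are hypothetical.

```python
import re
from urllib.parse import unquote

# Characters able to close an HTML attribute or a quoted JavaScript string.
BREAKOUT = set("'\"<>`")
# A .php script name followed by extra path segments (PATH_INFO-style suffix).
PATH_INFO_RE = re.compile(r"^.*?\.php(?P<extra>/.*)$", re.IGNORECASE | re.DOTALL)
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2017:10:00:00 +0000] "GET /host.php?host_status=-1&rows=-1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [10/Nov/2017:10:00:05 +0000] "GET /host.php/gahv8\'-alert(document.domain)-\'w6vt7??host_status=-1 HTTP/1.1" 200 5301',
    '192.0.2.12 - - [10/Nov/2017:10:00:09 +0000] "GET /host.php/gahv8%27-alert(document.domain)-%27w6vt7 HTTP/1.1" 200 5301',
    '192.0.2.13 - - [10/Nov/2017:10:00:12 +0000] "GET /graph_view.php/tree HTTP/1.1" 200 900',
]


def suspicious_path_info(target):
    """Return the decoded path suffix after a .php script if it contains
    breakout characters, otherwise None."""
    path = target.split("?", 1)[0]  # drop the query string
    for _ in range(3):  # undo up to three layers of percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    match = PATH_INFO_RE.match(path)
    if match and BREAKOUT & set(match.group("extra")):
        return match.group("extra")
    return None


def scan_log(lines):
    """Return (client_ip, suffix) for every request with a suspicious suffix."""
    hits = []
    for line in lines:
        request = REQUEST_RE.search(line)
        if not request:
            continue
        extra = suspicious_path_info(request.group("target"))
        if extra is not None:
            hits.append((line.split(" ", 1)[0], extra))
    return hits


if __name__ == "__main__":
    for client, extra in scan_log(SAMPLE_LOG):
        print(f"{client}: suspicious path suffix {extra!r}")
```
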

@cigamit

Member

commented Nov 10, 2017

Can you please confirm this against the current develop branch? I can not reproduce using your example.

I actually receive a permission denied message.

@cibvetr2

Author

commented Nov 11, 2017

Yes, we tested this on a local version:
1) If you are not logged in
2) If you are logged in

We used the version from https://www.cacti.net/downloads/cacti-latest.zip

@carnil

commented Nov 11, 2017

This issue was assigned CVE-2017-16785

@cigamit

Member

commented Nov 11, 2017

I don't believe you understood me correctly. Please test with the latest develop branch. I believe this problem has already been solved and is a duplicate of another issue that was resolved recently and finally in this issue e219199.

Therefore, I will mark unable to reproduce until you are able to attempt to reproduce with the latest develop branch. If you find you can not reproduce, we can make it closed and update the change record since we have the CVE to deal with. Please advise.

@worlak2

commented Nov 11, 2017

We thought that the latest version was 1.1.27, but on GitHub it is 1.1.28 and the site still has the old one.
Therefore, the problem is fixed in 1.1.28. Please update the information on the website.

@ronytomen

Member

commented Nov 11, 2017

1.1.28 has not been released and that is why it does not appear as a download. It's under active development.

1.2.x is a feature branch for later release.

@cigamit

Member

commented Nov 12, 2017

We are enhancing the fix to the issue linked below in 1.1.28. Also, per ronytomen, I don't believe you understood me correctly. Please test with the latest develop branch. I believe this problem has already been solved and is a duplicate of another issue that was resolved recently and finally in this issue e219199.

Therefore, I will mark unable to reproduce until you are able to attempt to reproduce with the latest develop branch. If you find you can not reproduce, we can make it closed and update the change record since we have the CVE to deal with. Please advise.

@cibvetr2

Author

commented Nov 12, 2017

Yes, in 1.1.28 this problem is fixed.

@cigamit

Member

commented Nov 12, 2017

Thanks for confirming. Marking resolved in changelog and closing.

@paulgevers

Contributor

commented Nov 13, 2017

I think this is a duplicate of CVE-2017-15194 / issue #1010, or if not, one could consider this a reintroduction of it in commit 054aa82, as discussed in the comments there.
