SegfaultMasters changed the title from Stored XSS in "Website Hostname" field - Data collectors to Stored XSS in "Website Hostname" field - Devices on Dec 16, 2018
Description -
There's no escape being done before printing out the value of `Hostname` value in the Tree table.

Cacti version - v1.1.38

Steps to reproduce -
Navigate to http://localhost:4040/cacti/host.php?action=edit&id=1 & add the below shared payload as the `Hostname` field value.

Payload - `<img src=xss onerror=alert(1)>`

Visit http://localhost:4040/cacti/tree.php?action=edit&id=1, payload will be triggered.
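
The missing output encoding described in the report, shown next to an encoded version. This is an added example, not part of the original report and not Cacti's code: the function names and the `$device` array are hypothetical, and PHP's built-in `htmlspecialchars` stands in for whatever escaping helper the project uses.

```php
<?php
// Added illustration. render_tree_row_* and $device are hypothetical names,
// not Cacti functions or data structures.

// Constructed sample: a device row as read back from storage, holding the
// Hostname value given in the report.
$device = array(
    'id'       => 1,
    'hostname' => '<img src=xss onerror=alert(1)>',
);

// Before: the stored value is concatenated into markup unchanged, so the
// browser parses it as an element instead of displaying it as text.
function render_tree_row_unescaped(array $device): string
{
    return '<tr><td>' . $device['id'] . '</td>'
         . '<td title="' . $device['hostname'] . '">' . $device['hostname'] . '</td></tr>';
}

// After: encode at output time. ENT_QUOTES covers both quote characters, so
// the same encoded string is safe in element text and in a quoted attribute.
function render_tree_row_escaped(array $device): string
{
    $id   = (int) $device['id'];
    $host = htmlspecialchars($device['hostname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $id . '</td>'
         . '<td title="' . $host . '">' . $host . '</td></tr>';
}

// Regression check: after rendering, the only tags present should be the
// ones the template itself emits (tr and td).
function contains_only_template_tags(string $html): bool
{
    preg_match_all('/<\s*\/?\s*([a-z0-9]+)/i', $html, $m);
    return count(array_diff(array_map('strtolower', $m[1]), array('tr', 'td'))) === 0;
}

foreach (array('render_tree_row_unescaped', 'render_tree_row_escaped') as $fn) {
    $html = $fn($device);
    echo $fn, ': ', $html, PHP_EOL;
    echo '  only template tags: ', var_export(contains_only_template_tags($html), true), PHP_EOL;
}
```

Encoding belongs at the point of output rather than at save time, since the same stored hostname can be rendered by more than one page.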