You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A clear and concise description of what the bug is.
Input the string <script>alert('test CVE');</script> into search filter of Console->Site, Console->Data Queries page. Click the Go button. The main table of screen become blank. And get the JS errors below,
Uncaught Error: Syntax error, unrecognized expression: a[href^='data_queries.php?header=false&filter=<script>alert('test CVE');</script>&rows=-1']
at Function.Sizzle.error (VM2293 jquery.js:1541)
at Sizzle.tokenize (VM2293 jquery.js:2193)
at Function.Sizzle [as find] (VM2293 jquery.js:815)
at jQuery.fn.init.find (VM2293 jquery.js:2873)
at Object. (layout.js?ea97ab27c1fd2763359bda63736742d9:1980)
at fire (VM2293 jquery.js:3268)
at Object.fireWith [as resolveWith] (VM2293 jquery.js:3398)
at done (VM2293 jquery.js:9305)
at XMLHttpRequest. (VM2293 jquery.js:9548)
To Reproduce
Steps to reproduce the behavior:
Go to Console->Data Queries page. Input the string <script>alert('test CVE');</script> into search filter.
Click the Go button
Check the screen.
See console of Firefox , see the JS error
Expected behavior
A clear and concise description of what you expected to happen.
No blank screen, and no JS errors.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information)
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information)
TheWitness
changed the title
JS errors after input some cve test string in the search filter of Console->Site, Console->Data Queries and etc.
JavaScript errors experienced when attempting to exploit Cacti
Apr 10, 2020
netniV
changed the title
JavaScript errors experienced when attempting to exploit Cacti
When attempting to exploit Cacti using alert, unexpected errors can be seen
May 3, 2020
Describe the bug
A clear and concise description of what the bug is.
Input the string <script>alert('test CVE');</script> into search filter of Console->Site, Console->Data Queries page. Click the Go button. The main table of screen become blank. And get the JS errors below,
Uncaught Error: Syntax error, unrecognized expression: a[href^='data_queries.php?header=false&filter=<script>alert('test CVE');</script>&rows=-1']
at Function.Sizzle.error (VM2293 jquery.js:1541)
at Sizzle.tokenize (VM2293 jquery.js:2193)
at Function.Sizzle [as find] (VM2293 jquery.js:815)
at jQuery.fn.init.find (VM2293 jquery.js:2873)
at Object. (layout.js?ea97ab27c1fd2763359bda63736742d9:1980)
at fire (VM2293 jquery.js:3268)
at Object.fireWith [as resolveWith] (VM2293 jquery.js:3398)
at done (VM2293 jquery.js:9305)
at XMLHttpRequest. (VM2293 jquery.js:9548)
To Reproduce
Steps to reproduce the behavior:
Go to Console->Data Queries page. Input the string <script>alert('test CVE');</script> into search filter.
Click the Go button
Check the screen.
See console of Firefox , see the JS error
Expected behavior
A clear and concise description of what you expected to happen.
No blank screen, and no JS errors.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information)
OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]
Smartphone (please complete the following information)
Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Firefox68.6 64bit
Version [e.g. 22]
Additional context
Add any other context about the problem here.
It's happens in cacti 1.2.10
The text was updated successfully, but these errors were encountered: