-
-
Notifications
You must be signed in to change notification settings - Fork 397
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 #838
Comments
cigamit
added a commit
that referenced
this issue
Jul 5, 2017
Cross-site Scripting (XSS) issue with link.php
Resolved. Thanks for reporting. |
@cigamit just in case you want to mention it in the changelog, this issue got an CVE assigned: CVE-2017-10970 |
Updated CHANGELOG. Thanks Paul! |
Hi. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
By xiaotian.wang@DBAppSecurity.com.cn
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter.
eg:
http://192.168.1.206/cacti/link.php?id=1"</td><script>alert(/cacti/)</script>
The text was updated successfully, but these errors were encountered: