Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 #867

Closed
kimiizhang opened this issue Jul 20, 2017 · 2 comments

Comments

Projects
None yet
3 participants
@kimiizhang
Copy link

commented Jul 20, 2017

ziqiang.wang@dbappsecurity.com.cn

From this issue : #847 , the Cacti vendor has published the latest 1.1.13 to fix two XSS vuls.
But I just found a new xss vul in 1.1.13, plz donnt say its the same issue or ask why is there a new CVE number? Because it's a real vul in the latest 1.1.13.

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

  1. Request with the special crafted referer header:
    http://192.168.1.206/cacti/auth_profile.php?action=edit
    Referer: test4fun';alert(1)//

  2. Click the 'Return' button in the bottom of the page like this:
    image

  3. Xss alert.
    image

cigamit added a commit that referenced this issue Jul 21, 2017

Resolving Issue #867
Cross-site scripting (XSS) vulnerability in auth_profile.php
@cigamit

This comment has been minimized.

Copy link
Member

commented Jul 21, 2017

Resolve. Thanks for your efforts in making Cacti a better tool. Keep up the good work!

@cigamit cigamit closed this Jul 21, 2017

@carnil

This comment has been minimized.

Copy link

commented Jul 27, 2017

This issue has been assigned CVE-2017-11691

cigamit added a commit that referenced this issue Jul 27, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.