From this issue : #847 , the Cacti vendor has published the latest 1.1.13 to fix two XSS vuls.
But I just found a new xss vul in 1.1.13, plz donnt say its the same issue or ask why is there a new CVE number? Because it's a real vul in the latest 1.1.13.
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Request with the special crafted referer header: http://192.168.1.206/cacti/auth_profile.php?action=edit Referer: test4fun';alert(1)//
Click the 'Return' button in the bottom of the page like this:
Xss alert.
The text was updated successfully, but these errors were encountered:
ziqiang.wang@dbappsecurity.com.cn
From this issue : #847 , the Cacti vendor has published the latest 1.1.13 to fix two XSS vuls.
But I just found a new xss vul in 1.1.13, plz donnt say its the same issue or ask why is there a new CVE number? Because it's a real vul in the latest 1.1.13.
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Request with the special crafted referer header:
http://192.168.1.206/cacti/auth_profile.php?action=editReferer: test4fun';alert(1)//Click the 'Return' button in the bottom of the page like this:

Xss alert.

The text was updated successfully, but these errors were encountered: