Description - There's no escape being done before printing out the Hostname value in the Data collectors table.

Cacti version - v1.1.38

Steps to reproduce -

Navigate to http://localhost/cacti/pollers.php?action=edit&id=1 and add the payload shared below as the Hostname field value.

Payload - <img src=xss onerror=alert(1)>

Visit http://localhost/cacti/pollers.php; the payload will be triggered.
Resolving Issue #2212
1f42478
Stored XSS in "Website Hostname" field
Resolved. Thanks!
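
The missing output escaping reported in this issue, as an added PHP example that is not Cacti's code or the committed fix. The function names, the record layout and the sample pollers are constructed for illustration; only the payload string comes from the report.

```php
<?php
// Added example, not Cacti source. Function and field names are hypothetical.

// Constructed sample records: the first hostname holds the payload from the report.
$pollers = [
    ['id' => 1, 'name' => 'Main Poller', 'hostname' => '<img src=xss onerror=alert(1)>'],
    ['id' => 2, 'name' => 'Remote "B"',  'hostname' => 'poller2.example.net'],
];

// Before: the stored value is concatenated into markup as-is, so the browser
// parses it as an element and runs its event handler on every page view.
function render_row_unescaped(array $p): string {
    return '<tr><td>' . $p['id'] . '</td><td>' . $p['name'] . '</td><td>'
         . $p['hostname'] . '</td></tr>';
}

// After: every cell is encoded for the HTML text context at output time,
// regardless of what was accepted when the record was saved.
function h($value): string {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_escaped(array $p): string {
    $cells = array_map('h', [$p['id'], $p['name'], $p['hostname']]);
    return '<tr><td>' . implode('</td><td>', $cells) . '</td></tr>';
}

foreach ($pollers as $p) {
    $safe = render_row_escaped($p);
    // Regression check: no stored value may introduce a tag of its own.
    if (strpos($safe, '<img') !== false) {
        throw new RuntimeException('unescaped markup in poller row ' . $p['id']);
    }
    echo 'unescaped: ', render_row_unescaped($p), PHP_EOL;
    echo 'escaped:   ', $safe, PHP_EOL;
}
```

Escaping at render time covers values already stored in the database, which input filtering on the edit form alone would not.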