
Page Navigation can be subject to XSS injection #2757

Closed
TheWitness opened this issue Jun 24, 2019 · 1 comment
Labels: bug (Undesired behaviour), resolved (A fixed issue)
Milestone: v1.2.5

Comments


TheWitness commented Jun 24, 2019

Describe the bug
Cacti page navigation can be compromised by a custom crafted URL from a third party.

To Reproduce
Steps to reproduce the behavior:

  1. Use JavaScript to modify the in-page navigation $.get() handler to include script
  2. Click on a page number and notice that the script fires

Expected behavior
Cacti should be immune to attempts to modify JavaScript functions that inject script code.

Modified Pagination Code

```html
1 to 10 of 17 [ <ul class='pagination'><li><a href='#' class='active' onClick='gotopage(1);return false'>1</a></li><li><a href='#' onClick='gotopage(2);return false'>2</a></li></ul>
<!-- the node parameter below carries '-alert(2814)-', which closes the URL string literal inside $.get() -->
<script type='text/javascript'>
function gotopage(pageNo) {
  if (typeof url_graph === 'function') { var url_add=url_graph('') } else { var url_add=''; };
  $.get('/cacti/graph_view.php?action=tree_content&tree_id=11&leaf_id=0&node=tree_anchor-11'-alert(2814)-'&hgd=&header=false&page='+pageNo+url_add).done(function(data) { $('#main').html(data); applySkin(); });
}
</script> ]
```
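The handler in the report embeds request values directly into an inline `<script>`, so a value carrying a single quote closes the URL string literal and the rest runs as code. As an added example (not Cacti's code or the reporter's), the block below renders that handler two ways, `renderNavUnsafe` mirroring the concatenation pattern and `renderNavSafe` validating the ids and encoding the values, and `simulateClick` runs either with a stub `$.get()` and a recording `alert()`; all function names and the request values are assumptions, with the node value taken from the report.

```javascript
// Added example, not Cacti's code: the report's gotopage() handler embeds request
// values in an inline <script>. renderNavUnsafe mirrors that pattern, renderNavSafe
// validates and encodes the same values, and simulateClick shows the difference.

function escapeForScript(s) {
  // JSON string literal with '<' escaped so the value cannot terminate the <script>.
  return JSON.stringify(s).replace(/</g, '\\u003c');
}

function requireInt(v) {
  // Numeric ids must be plain digit strings; anything else is rejected outright.
  if (!/^\d+$/.test(String(v))) throw new Error('id must be an integer: ' + v);
  return String(v);
}

function renderNavUnsafe(params) {
  // Vulnerable pattern: raw values concatenated into a single-quoted JS string.
  const url = '/cacti/graph_view.php?action=tree_content&tree_id=' + params.tree_id +
    '&leaf_id=' + params.leaf_id + '&node=' + params.node + '&header=false&page=';
  return "function gotopage(pageNo) { $.get('" + url + "' + pageNo).done(function (d) {}); }";
}

function renderNavSafe(params) {
  // Hardened form: ids validated, node URL-encoded, and the whole URL emitted as a
  // JSON literal, so no request value can close the string it is placed in.
  const qs = new URLSearchParams({
    action: 'tree_content', tree_id: requireInt(params.tree_id),
    leaf_id: requireInt(params.leaf_id), node: String(params.node), header: 'false',
  });
  const url = '/cacti/graph_view.php?' + qs.toString() + '&page=';
  return 'function gotopage(pageNo) { $.get(' + escapeForScript(url) +
    ' + encodeURIComponent(pageNo)).done(function (d) {}); }';
}

// Runs a rendered handler against a stub $.get() and a recording alert(), so a
// test can tell whether "clicking page 1" fires injected code or just requests a URL.
function simulateClick(script) {
  const result = { alerts: [], requests: [] };
  const $ = { get(u) { result.requests.push(u); return { done() { return this; } }; } };
  const alert = (v) => { result.alerts.push(v); };
  const gotopage = new Function('$', 'alert', script + '\nreturn gotopage;')($, alert);
  gotopage(1);
  return result;
}

// Constructed request values; the node value is the crafted one from the report.
const CRAFTED = { tree_id: '11', leaf_id: '0', node: "tree_anchor-11'-alert(2814)-'" };
```

With the crafted node value, the unsafe handler calls `alert(2814)` on the first click while the hardened one issues a single request with the quote and parentheses percent-encoded.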
@TheWitness TheWitness added the bug Undesired behaviour label Jun 24, 2019
TheWitness (Member, Author) commented

It's not clear what the actual attack vector is for this. The test was made through modification of page code and executed through headless testing. So, real world scenarios are not clear. Nonetheless, we will address this.

cigamit added a commit that referenced this issue Jun 25, 2019
Cacti Navigation is subject to XSS injection
@cigamit cigamit added the resolved A fixed issue label Jun 25, 2019
@cigamit cigamit added this to the v1.2.5 milestone Jun 25, 2019
@netniV netniV closed this as completed Jun 27, 2019
cigamit added a commit that referenced this issue Jun 30, 2019
Cacti Navigation is subject to XSS injection
@netniV netniV changed the title Cacti Navigation is subject to XSS injection Page Navigation can be subject to XSS injection Jul 14, 2019
@github-actions github-actions bot locked and limited conversation to collaborators Jun 30, 2020