Cacti / cacti

Cacti ™

Home Page: http://www.cacti.net

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13

kimiizhang opened this issue · comments

ziqiang.wang@dbappsecurity.com.cn

From this issue: #847, the Cacti vendor has published the latest 1.1.13 to fix two XSS vulns.
But I just found a new XSS vuln in 1.1.13, please don't say it's the same issue or ask why there is a new CVE number, because it's a real vuln in the latest 1.1.13.

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

  1. Request with the specially crafted Referer header:
    http://192.168.1.206/cacti/auth_profile.php?action=edit
    Referer: test4fun';alert(1)//

  2. Click the 'Return' button at the bottom of the page.

  3. XSS alert.

Resolved. Thanks for your efforts in making Cacti a better tool. Keep up the good work!

This issue has been assigned CVE-2017-11691
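
An added example, not Cacti's code or its patch, of the class of bug reported above: a Referer value placed in a JavaScript string behind a 'Return' button, shown next to a hardened version that validates the target and encodes it for each context. The function names, the markup, the `index.php` fallback and the single-quoted string context (inferred from the shape of the reported header value) are assumptions.

```php
<?php
// Added illustration, not Cacti's code: function names, markup and the
// fallback page are hypothetical.

// Vulnerable pattern: the Referer is copied into a single-quoted JavaScript
// string inside an HTML attribute with no validation or encoding.
function return_button_unsafe(string $referer): string {
    return "<input type='button' value='Return' "
         . "onclick=\"document.location='" . $referer . "'\">";
}

// Accept only an http(s) URL on our own host and keep just its path.
// The (?!/) guard rejects "//other-host/..." protocol-relative targets.
function safe_return_target(?string $referer, string $host, string $fallback): string {
    $parts = parse_url((string) $referer);
    if (!is_array($parts)) return $fallback;
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) return $fallback;
    if (strcasecmp($parts['host'] ?? '', $host) !== 0) return $fallback;
    $path = $parts['path'] ?? '/';
    return preg_match('#^/(?!/)[A-Za-z0-9_./-]*$#', $path) ? $path : $fallback;
}

// Hardened: validate, then encode for each context in order
// (JavaScript string literal first, HTML attribute second).
function return_button_safe(?string $referer, string $host): string {
    $target = safe_return_target($referer, $host, 'index.php');
    $js = json_encode($target, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    return '<input type="button" value="Return" onclick="'
         . htmlspecialchars('document.location=' . $js, ENT_QUOTES, 'UTF-8') . '">';
}

$reported = "test4fun';alert(1)//"; // Referer value from the report
echo return_button_unsafe($reported), PHP_EOL;
echo return_button_safe($reported, '192.168.1.206'), PHP_EOL;
// Constructed same-host Referer for comparison.
echo return_button_safe('http://192.168.1.206/cacti/index.php', '192.168.1.206'), PHP_EOL;
```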