FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php

Affected packages
cacti = 1.1.13

Details

VuXML ID f86d0e5d-7467-11e7-93af-005056925db4
Discovery 2017-07-20
Entry 2017-07-29

kimiizhang reports:

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

References

CVE Name CVE-2017-11691
URL https://github.com/Cacti/cacti/issues/867
URL https://www.cacti.net/release_notes.php?version=1.1.14