FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php

Affected packages
		cacti	=	1.1.13

Details

VuXML ID	f86d0e5d-7467-11e7-93af-005056925db4
Discovery	2017-07-20
Entry	2017-07-29

kimiizhang reports:

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

[source]

References

CVE Name	CVE-2017-11691
URL	https://github.com/Cacti/cacti/issues/867
URL	https://www.cacti.net/release_notes.php?version=1.1.14