Lucene search

K

Cacti 0.8.7 - graph_view.php?filter Cross-Site Scripting

๐Ÿ—“๏ธย 12 Feb 2008ย 00:00:00Reported byย aSciiTypeย 
exploitpack
ย exploitpack
๐Ÿ‘ย 6ย Views

Cacti 0.8.7 Cross-Site Scripting & SQL Injection Vulnerabilitie

Show more
Code
source: https://www.securityfocus.com/bid/27749/info
  
Cacti is prone to multiple unspecified input-validation vulnerabilities, including:
  
- Multiple cross-site scripting vulnerabilities
- Multiple SQL-injection vulnerabilities
- An HTTP response-splitting vulnerability.
  
Attackers may exploit these vulnerabilities to influence or misrepresent how web content is served, cached, or interpreted, to compromise the application, to access or modify data, to exploit vulnerabilities in the underlying database, or to execute arbitrary script code in the browser of an unsuspecting user.
  
These issues affect Cacti 0.8.7a and prior versions. 

http://www.example.com/cacti/graph_view.php?action=list&page=1&host_id=0&graph_template_id=8&filter=onmouseover=javascript:alert(/XSS/)

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo