Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php

2017-07-20T00:00:00
ID F86D0E5D-7467-11E7-93AF-005056925DB4
Type freebsd
Reporter FreeBSD
Modified 2017-07-20T00:00:00

Description

kimiizhang reports:

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.