Cacti "auth_profile.php" Cross-Site Scripting Vulnerability Fixed by 1.1.14


Description   (#A cross-site scripting vulnerability was reported in Cacti.#An authenticated remote attacker could exploit it via specially crafted HTTP Referer headers in order to execute arbitrary JavaScript or HTML code.##This vulnerability is located in the user profile management page (auth_profile.php).##A proof of concept is available.##Updated, 29/07/2017:#The cacti packages provided by FreeBSD are vulnerable.)
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - AllVulnerable Software:
Cacti (The Cacti Group) - 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, ..., 1.1.5, 1.1.6, 1.1.7, 1.1.8, 1.1.9
     
Solution   Version 1.14 of Cacti fixes this vulnerability.
     
CVE   CVE-2017-11691
     
References   - Cacti : Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 #867
https://github.com/Cacti/cacti/issues/867
- Cacti : Release Notes - 1.1.14
https://www.cacti.net/release_notes.php?version=1.1.14
- VuXML : Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php
https://www.vuxml.org/freebsd/f86d0e5d-7467-11e7-93af-005056925db4.html
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
Code injection in HTTP User-Agent detected
4.1.2
XSS - Prevention : suspicious tag or javascript found in header
5.0.0
XSS - Prevention : suspicious 'document.cookie' found in header
5.0.0
XSS - Prevention : suspicious 'script' tag found in header
5.0.0
     


 
 
 
 
 Risk level 
Low 

 Vulnerability First Public Report Date 
2017-07-25 

 Target Type 
Client 

 Possible exploit 
Remote