| Anonymous | Login | Signup for a new account | 2010-02-08 18:19 EST |
| Main | My View | View Issues | Change Log | Roadmap | Docs |
| Viewing Issue Advanced Details [ Jump to Notes ] | [ View Simple ] [ Issue History ] [ Print ] | ||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | ||
| 0001245 | [Cacti] Security | major | always | 2008-05-15 05:57 | 2008-08-04 14:03 | ||
| Reporter | fgeek | View Status | public | ||||
| Assigned To | rony | ||||||
| Priority | normal | Resolution | fixed | Platform | |||
| Status | closed | OS | |||||
| Projection | none | OS Version | |||||
| ETA | none | Fixed in Version | 0.8.7b | Product Version | |||
| Target Version | Product Build | ||||||
| Summary | 0001245: XSS-vulnerability | ||||||
| Description |
I found XSS-vulnerability from cacti. I tested this in Debian etch version 0.8.6i-3.4, but i beleive it is working in other versions too. I'm more than happy install newest version and test it later today. This is only one example: http://example.com/cacti/data_input.php?action="><SCRIPT>alert("XSS")</SCRIPT> [^] |
||||||
| Steps To Reproduce | |||||||
| Additional Information | |||||||
| Tags | No tags attached. | ||||||
| Attached Files | |||||||
|
|
|||||||
 Relationships |
|
|
Notes |
|
|
(0003201) fgeek (reporter) 2008-05-15 08:17 |
User row reported in #cacti that he was using 0.8.7b (Ubuntu) and it didn't work with him. He tested with FF2. |
|
(0003203) gandalf (developer) 2008-05-19 13:57 |
Please verify with latest cacti version. 086k and 087b both included a bunch of XSS fixes. |
|
(0003204) fgeek (reporter) 2008-05-19 15:37 |
Ok. Nice to see that it has been fixed. I'm sorry that I didn't test this in newest version before reporting a bug. |
|
(0003256) rony (administrator) 2008-08-04 14:03 |
Issue was resolved please refer to the release notes. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2008-05-15 05:57 | fgeek | New Issue | |
| 2008-05-15 06:55 | bfek-18 | Issue Monitored: bfek-18 | |
| 2008-05-15 08:17 | fgeek | Note Added: 0003201 | |
| 2008-05-19 13:57 | gandalf | Note Added: 0003203 | |
| 2008-05-19 13:57 | gandalf | Status | new => feedback |
| 2008-05-19 15:37 | fgeek | Note Added: 0003204 | |
| 2008-05-19 15:41 | fgeek | Issue Monitored: fgeek | |
| 2008-08-04 14:02 | rony | Status | feedback => assigned |
| 2008-08-04 14:02 | rony | Assigned To | => rony |
| 2008-08-04 14:03 | rony | Note Added: 0003256 | |
| 2008-08-04 14:03 | rony | Status | assigned => closed |
| 2008-08-04 14:03 | rony | Resolution | open => fixed |
| 2008-08-04 14:03 | rony | Fixed in Version | => 0.8.7b |
| Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group |  |
