Mantis Bugtracker

Viewing Issue Advanced Details
ID: 0001245
Category: [Cacti] Security
Severity: major
Reproducibility: always
Date Submitted: 2008-05-15 05:57
Last Update: 2008-08-04 14:03
Reporter: fgeek
View Status: public
Assigned To: rony
Priority: normal
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 0.8.7b
Summary: 0001245: XSS-vulnerability
Description: I found an XSS vulnerability in Cacti. I tested this in Debian etch version 0.8.6i-3.4, but I believe it works in other versions too. I'm more than happy to install the newest version and test it later today.

This is only one example: http://example.com/cacti/data_input.php?action="><SCRIPT>alert("XSS")</SCRIPT>

-  Notes
(0003201)
fgeek (reporter)
2008-05-15 08:17

User row reported in #cacti that he was using 0.8.7b (Ubuntu) and it didn't work for him. He tested with FF2.
(0003203)
gandalf (developer)
2008-05-19 13:57

Please verify with latest cacti version. 086k and 087b both included a bunch of XSS fixes.
(0003204)
fgeek (reporter)
2008-05-19 15:37

Ok. Nice to see that it has been fixed. I'm sorry that I didn't test this in the newest version before reporting a bug.
(0003256)
rony (administrator)
2008-08-04 14:03

Issue was resolved; please refer to the release notes.

- Issue History
Date Modified Username Field Change
2008-05-15 05:57 fgeek New Issue
2008-05-15 06:55 bfek-18 Issue Monitored: bfek-18
2008-05-15 08:17 fgeek Note Added: 0003201
2008-05-19 13:57 gandalf Note Added: 0003203
2008-05-19 13:57 gandalf Status new => feedback
2008-05-19 15:37 fgeek Note Added: 0003204
2008-05-19 15:41 fgeek Issue Monitored: fgeek
2008-08-04 14:02 rony Status feedback => assigned
2008-08-04 14:02 rony Assigned To => rony
2008-08-04 14:03 rony Note Added: 0003256
2008-08-04 14:03 rony Status assigned => closed
2008-08-04 14:03 rony Resolution open => fixed
2008-08-04 14:03 rony Fixed in Version => 0.8.7b

