CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11691
https://notcve.org/view.php?id=CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. La vulnerabilidad de tipo cross-site-scripting (XSS) en el archivo auth_profile.php en Cacti versión 1.1.13, permite a los atacantes remotos inyectar scripts web o HTML arbitrarios por medio de encabezados Referer HTTP especialmente creados. • http://www.securityfocus.com/bid/100022 http://www.securitytracker.com/id/1038982 https://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c https://github.com/Cacti/cacti/issues/867 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •