diff options
| -rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ce070379e24d..d32b6b0c5bc8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,35 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="f86d0e5d-7467-11e7-93af-005056925db4"> + <topic>Cacti -- Cross-site scripting (XSS) vulnerability in auth_profile.php</topic> + <affects> + <package> + <name>cacti</name> + <range><eq>1.1.13</eq></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>kimiizhang reports:</p> + <blockquote cite="https://github.com/Cacti/cacti/issues/867"> + <p>Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti + 1.1.13 allows remote authenticated users to inject arbitrary web script + or HTML via specially crafted HTTP Referer headers.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/Cacti/cacti/issues/867</url> + <url>https://www.cacti.net/release_notes.php?version=1.1.14</url> + <cvename>CVE-2017-11691</cvename> + </references> + <dates> + <discovery>2017-07-20</discovery> + <entry>2017-07-29</entry> + </dates> + </vuln> + <vuln vid="770d7e91-72af-11e7-998a-08606e47f965"> <topic>proftpd -- user chroot escape vulnerability</topic> <affects> |