Title: Ntop v.4.0.3 (64 bit) - Cross Site Scripting
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.08.2012
Release mode: Coordinated release

Summary
=======
ntop is a network probe that shows network usage in a way similar to what top does for processes. In interactive mode, it displays the network status on the user's terminal. In Web mode, it acts as a web server, creating an HTML dump of the network status. It sports a NetFlow/sFlow emitter/collector, an HTTP-based client interface for creating ntop-centric monitoring applications, and RRD for persistently storing traffic statistics.

Description
===========
A reflected Cross Site Scripting vulnerability was found in Ntop, because the application fails to sanitize user-supplied input before reflecting it in the generated page. The PoC below reaches the flaw through the arbfile parameter of the rrdPlugin. The vulnerability can be triggered by any user.

Vendor
======
Ntop - http://www.ntop.org/

Affected Version
================
v.4.0.3 (64 bit)

PoC
===
GET /plugins/rrdPlugin?action=arbreq&which=graph&arbfile=TEST">[XSS]&arbiface=eth0&start=1343344529&end=1343348129&counter=&title=Active+End+Nodes&mode=zoom HTTP/1.1

Credits
=======
Vulnerability discovered by Marcos Garcia (@artsweb)

Solution
========
Upgrade to Ntop v5.0 ( http://sourceforge.net/projects/ntop/files/ntop/Stable/)
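The following C example is added here to illustrate the defect class the advisory describes and its fix; it is not ntop's code and does not reproduce the rrdPlugin's internals. It contrasts a vulnerable pattern (a query parameter copied straight into an HTML attribute) with a hardened one that first validates the arbfile value against an allowlist of file-name characters and then HTML-escapes it before embedding. The function names, the allowlist, and the sample value (the advisory's TEST prefix followed by the `">` that closes the attribute, with `[XSS]` standing in for the payload the advisory elides) are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Append src to dst (capacity cap, current length *len).
   Returns 0 on success, -1 if the result would not fit. */
static int append(char *dst, size_t cap, size_t *len, const char *src) {
    size_t n = strlen(src);
    if (*len + n + 1 > cap) return -1;
    memcpy(dst + *len, src, n + 1);
    *len += n;
    return 0;
}

/* HTML-escape `in` into `out`, covering the five characters that can break
   out of text or attribute context. Returns 0 on success, -1 if out is too small. */
int html_escape(const char *in, char *out, size_t cap) {
    size_t len = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   rep = one;
        }
        if (append(out, cap, &len, rep) != 0) return -1;
    }
    return 0;
}

/* Allowlist check for the arbfile parameter (assumed policy: an RRD file name
   is [A-Za-z0-9._-] only, and must not contain ".."). Returns 1 if acceptable. */
int arbfile_is_safe(const char *name) {
    if (name == NULL || *name == '\0') return 0;
    for (const char *p = name; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return 0;
    }
    if (strstr(name, "..") != NULL) return 0;
    return 1;
}

/* Vulnerable pattern: the parameter value lands in an HTML attribute unchanged,
   so a value containing `">` terminates the attribute and the tag. */
int build_img_tag_unsafe(const char *arbfile, char *out, size_t cap) {
    int n = snprintf(out, cap, "<img src=\"/plugins/rrdPlugin?arbfile=%s\">", arbfile);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

/* Hardened pattern: reject values outside the allowlist, then HTML-escape
   whatever is reflected so it cannot change the markup context. */
int build_img_tag_safe(const char *arbfile, char *out, size_t cap) {
    char esc[256];
    int n;
    if (!arbfile_is_safe(arbfile)) return -1;
    if (html_escape(arbfile, esc, sizeof esc) != 0) return -1;
    n = snprintf(out, cap, "<img src=\"/plugins/rrdPlugin?arbfile=%s\">", esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void) {
    /* Constructed sample value modelled on the advisory's PoC parameter. */
    const char *tainted = "TEST\">[XSS]";
    char buf[512];

    build_img_tag_unsafe(tainted, buf, sizeof buf);
    printf("unsafe : %s\n", buf);          /* attribute and tag are closed early */

    if (build_img_tag_safe(tainted, buf, sizeof buf) != 0)
        printf("safe   : value rejected by allowlist\n");

    html_escape(tainted, buf, sizeof buf);
    printf("escaped: %s\n", buf);          /* what reflection would look like if escaped */

    build_img_tag_safe("eth0-bytes.rrd", buf, sizeof buf);
    printf("safe   : %s\n", buf);
    return 0;
}
```

The allowlist is the primary control here: a graph file name has no legitimate need for quotes or angle brackets, so rejecting them removes the injection point outright, and escaping on output is the defence-in-depth layer for any value that is still reflected.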