Key Information Summary

Vulnerability Details

Vulnerability Type: XSS (Cross-Site Scripting)
Affected Software: ntopng 1.2.0
Fixed Version: ntopng 1.2.1

Vulnerability Description:
- The web frontend of ntopng contains an XSS injection vulnerability. By forging the HTTP Host request header, attackers can inject script code into monitored network traffic.
- The HTTP Host request header line is extracted via the nDPI traffic classification library and is used unfiltered in multiple locations in the frontend (such as host overview and specific subpages for each monitored host).
- Injected code can execute JavaScript under the privileges of the current ntopng user, enabling malicious actions such as disabling monitoring functions or deleting accounts, rendering the monitoring system unusable.

Exploitation Example

A Python script example is provided to perform an XSS attack on the monitored network. The victim must browse the host overview or host details page in the ntopng frontend.

Other Impacts

Other Potentially Affected Code: Other users of nDPI code may also be affected.

Vulnerability Identification

CVE ID: CVE-2014-5464
Discoverer: Steffen Bauch

Related Links

- ntopng Patch Announcement
- Steffen Bauch's Twitter: @steffenbauch
- Steffen Bauch's Personal Website: http://stef
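
One way a frontend can treat a Host value taken from captured traffic, shown as an added example that is not ntopng's or nDPI's code: check it against the host[:port] shape and HTML-encode it on every output path. The function names, the `suspicious` CSS class and the sample values are hypothetical.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// HTML-encode a value taken from captured traffic before it is placed in a page.
std::string html_escape(const std::string &in) {
  std::string out;
  for (char c : in) {
    switch (c) {
      case '&':  out += "&amp;";  break;
      case '<':  out += "&lt;";   break;
      case '>':  out += "&gt;";   break;
      case '"':  out += "&quot;"; break;
      case '\'': out += "&#39;";  break;
      default:   out += c;
    }
  }
  return out;
}

// Accept only host[:port]: hostname/IPv4 characters or a bracketed IPv6 literal.
bool is_plausible_host(const std::string &v) {
  std::size_t n = v.size(), i = 0;
  if (n == 0 || n > 255) return false;
  if (v[0] == '[') {
    const std::size_t close = v.find(']');
    if (close == std::string::npos || close == 1) return false;
    for (i = 1; i < close; i++)
      if (!std::isxdigit((unsigned char)v[i]) && v[i] != ':' && v[i] != '.') return false;
    i = close + 1;
  } else {
    while (i < n && (std::isalnum((unsigned char)v[i]) || v[i] == '-' || v[i] == '.')) i++;
    if (i == 0) return false;
  }
  if (i == n) return true;                                  // no port part
  if (v[i] != ':' || n - i < 2 || n - i > 6) return false;  // ':' plus 1-5 digits
  for (++i; i < n; i++)
    if (!std::isdigit((unsigned char)v[i])) return false;
  return true;
}

// Hypothetical table cell: always encoded, and flagged when the value is not a host.
std::string render_host_cell(const std::string &observed) {
  const char *open = is_plausible_host(observed) ? "<td>" : "<td class=\"suspicious\">";
  return open + html_escape(observed) + "</td>";
}
int main() {  // constructed sample values
  std::cout << render_host_cell("www.example.org") << "\n" << render_host_cell("<script>alert(1)</script>") << "\n";
}
```

The encoding step is what prevents script execution; the shape check only lets the frontend flag values that are not hosts at all.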