Title: Ntop v.4.0.3 (64 bit) - Cross Site Scripting
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.08.2012
Release mode: Coordinated release

Summary
=======

ntop is a network probe that shows network usage in a way similar to what
top does for processes. In interactive mode, it displays the network status
on the user's terminal. In Web mode, it acts as a web server, creating a
HTML dump of the network status. It sports a NetFlow/sFlow
emitter/collector, a HTTP-based client interface for creating ntop-centric
monitoring applications, and RRD for persistently storing traffic
statistics.

Description
===========

A reflected Cross Site Scripting vulnerability was found in Ntop, because
the application fails to sanitize user-supplied
input. The vulnerability can be triggered by any user.


Vendor
======

Ntop - http://www.ntop.org/


Affected Version
================

v.4.0.3 (64 bit)

PoC
===

GET
/plugins/rrdPlugin?action=arbreq&which=graph&arbfile=TEST">[XSS]&arbiface=eth0&start=1343344529&end=1343348129&counter=&title=Active+End+Nodes&mode=zoom
HTTP/1.1


Credits
=======

Vulnerability discovered by Marcos Garcia (@artsweb)


Solution
========

Upgrade to Ntop v5.0 (
http://sourceforge.net/projects/ntop/files/ntop/Stable/)