Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-5464. PoCs published by Steffen Bauch.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in ntopng 1.2.0 by injecting malicious script code via the HTTP Host header. The vulnerability arises due to lack of sanitization in the nDPI traffic classification library, allowing arbitrary JavaScript execution in the web frontend.
Description
Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.