Name of the Vulnerable Software and Affected Versions ntopng version 1.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the host parameter in the lua/host details.lua file.

Recommendations For ntopng version 1.1, consider restricting access to the lua/host details.lua file until a patch is available. As a temporary workaround, avoid using the host parameter in the affected lua/host details.lua file to minimize the risk of exploitation.