CVE-2018-10059
https://notcve.org/view.php?id=CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
References: http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://www.cacti.net/changelog.php
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12978
https://notcve.org/view.php?id=CVE-2017-12978
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
References: http://www.securitytracker.com/id/1039226 https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24 https://github.com/Cacti/cacti/issues/918
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-12927
https://notcve.org/view.php?id=CVE-2017-12927
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
References: http://www.securityfocus.com/bid/100490 http://www.securitytracker.com/id/1039208 https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99 https://github.com/Cacti/cacti/issues/907
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')