CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20723
https://notcve.org/view.php?id=CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. Existe una vulnerabilidad Cross-Site Scripting (XSS) en color_templates.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo Name de un color. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d https://github.com/Cacti/cacti/issues/2215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-20725
https://notcve.org/view.php?id=CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. Existe una vulnerabilidad Cross-Site Scripting (XSS) en graph_templates.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en Graph Vertical Label. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d https://github.com/Cacti/cacti/issues/2214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10061
https://notcve.org/view.php?id=CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que realiza ciertas llamadas htmlspecialchars sin la marca ENT_QUOTES (estas llamadas ocurren cuando no se emplea la función html_escape en lib/html.php). • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10060
https://notcve.org/view.php?id=CVE-2018-10060
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que no rechaza correctamente los caracteres no deseados. Esto se relaciona con el uso de la función sanitize_uri en lib/functions.php. • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10059
https://notcve.org/view.php?id=CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que la función get_current_page en lib/functions.php depende de $_SERVER['PHP_SELF'] en lugar de $_SERVER['SCRIPT_NAME'] para determinar un nombre de página. • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •