CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2018-10061
https://notcve.org/view.php?id=CVE-2018-10061
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que realiza ciertas llamadas htmlspecialchars sin la marca ENT_QUOTES (estas llamadas ocurren cuando no se emplea la función html_escape en lib/html.php). • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10059
https://notcve.org/view.php?id=CVE-2018-10059
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que la función get_current_page en lib/functions.php depende de $_SERVER['PHP_SELF'] en lugar de $_SERVER['SCRIPT_NAME'] para determinar un nombre de página. • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-15194
https://notcve.org/view.php?id=CVE-2017-15194
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. include/global_session.php en Cacti 1.1.25 tiene XSS relacionado con (1) la URI o (2) la acción refresh page. • http://www.securitytracker.com/id/1039569 https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd https://github.com/Cacti/cacti/issues/1010 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •