Page 9 of 95 results (0.003 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. Existe una vulnerabilidad Cross-Site Scripting (XSS) en host.php (mediante tree.php) en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo Website Hostname de Devices. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d https://github.com/Cacti/cacti/issues/2213 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. Existe una vulnerabilidad Cross-Site Scripting (XSS) en color_templates.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo Name de un color. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d https://github.com/Cacti/cacti/issues/2215 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. Existe una vulnerabilidad Cross-Site Scripting (XSS) en graph_templates.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en Graph Vertical Label. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d https://github.com/Cacti/cacti/issues/2214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. Existe una vulnerabilidad Cross-Site Scripting (XSS) en pollers.php en Cacti, en versiones anteriores a la 1.2.0, debido a la falta de escapado de caracteres no planeados en el campo nombre de host del sitio web para los recolectores de datos. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html https://github.com/Cacti/cacti/blob/develop/CHANGELOG https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53 https://github.com/Cacti/cacti/issues/2212 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. Cacti, en versiones anteriores a la 1.1.37, tiene Cross-Site Scripting (XSS) debido a que no rechaza correctamente los caracteres no deseados. Esto se relaciona con el uso de la función sanitize_uri en lib/functions.php. • http://www.securitytracker.com/id/1040620 https://github.com/Cacti/cacti/issues/1457 https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html https://www.cacti.net/changelog.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •