CVE-2018-20723
- EPSS 1.03%
- Veröffentlicht 16.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:02
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-20724
- EPSS 1.03%
- Veröffentlicht 16.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:02
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20725
- EPSS 1.03%
- Veröffentlicht 16.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:02
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-20726
- EPSS 1.05%
- Veröffentlicht 16.01.2019 16:29:00
- Zuletzt bearbeitet 21.11.2024 04:02:02
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVE-2018-10059
- EPSS 1.16%
- Veröffentlicht 12.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:44
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
CVE-2018-10060
- EPSS 1.01%
- Veröffentlicht 12.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:44
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10061
- EPSS 1.05%
- Veröffentlicht 12.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:40:44
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2016-10700
- EPSS 2.49%
- Veröffentlicht 24.11.2017 05:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerabi...
CVE-2014-4000
- EPSS 1.67%
- Veröffentlicht 15.11.2017 16:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVE-2017-16785
- EPSS 0.99%
- Veröffentlicht 10.11.2017 23:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.