Cacti

Cacti

155 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 1.03%
  • Veröffentlicht 16.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:02

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

Exploit
  • EPSS 1.03%
  • Veröffentlicht 16.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:02

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

Exploit
  • EPSS 1.03%
  • Veröffentlicht 16.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:02

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

Exploit
  • EPSS 1.05%
  • Veröffentlicht 16.01.2019 16:29:00
  • Zuletzt bearbeitet 21.11.2024 04:02:02

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Exploit
  • EPSS 1.16%
  • Veröffentlicht 12.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:44

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

Exploit
  • EPSS 1.01%
  • Veröffentlicht 12.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:44

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

Exploit
  • EPSS 1.05%
  • Veröffentlicht 12.04.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 03:40:44

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

  • EPSS 2.49%
  • Veröffentlicht 24.11.2017 05:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerabi...

  • EPSS 1.67%
  • Veröffentlicht 15.11.2017 16:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).

Exploit
  • EPSS 0.99%
  • Veröffentlicht 10.11.2017 23:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.