Vulnerabilities > Cacti > Cacti > 1.1.17

DATE CVE VULNERABILITY TITLE RISK
2018-04-12 CVE-2018-10060 Cross-site Scripting vulnerability in multiple products
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
network
cacti debian CWE-79
3.5
3.5
2018-04-12 CVE-2018-10059 Cross-site Scripting vulnerability in Cacti
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
network
cacti CWE-79
3.5
3.5
2017-08-21 CVE-2017-12978 Cross-site Scripting vulnerability in Cacti
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
network
cacti CWE-79
3.5
3.5
2017-08-18 CVE-2017-12927 Cross-site Scripting vulnerability in Cacti 1.1.17
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
network
cacti CWE-79
4.3
4.3