Vulnerabilities > Cacti > Cacti > 1.1.26
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2018-10060 | Cross-site Scripting vulnerability in multiple products Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php. | 3.5 |
2018-04-12 | CVE-2018-10059 | Cross-site Scripting vulnerability in Cacti Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | 3.5 |