Vulnerabilities > Cacti > Cacti > 1.1.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-01 | CVE-2017-12066 | Cross-site Scripting vulnerability in Cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 5.4 |
| 2017-08-01 | CVE-2017-12065 | Unspecified vulnerability in Cacti spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | 9.8 |