Vulnerabilities > Cacti > Cacti > 1.1.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-04-12 | CVE-2018-10059 | Cross-site Scripting vulnerability in Cacti Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name. | 5.4 |
2017-08-21 | CVE-2017-12978 | Cross-site Scripting vulnerability in Cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | 5.4 |
2017-08-01 | CVE-2017-12066 | Cross-site Scripting vulnerability in Cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 5.4 |
2017-08-01 | CVE-2017-12065 | Unspecified vulnerability in Cacti spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter. | 9.8 |