Cacti Security Vulnerabilities and Issues — Cacti CVE List

Lucene search

CactiCacti

5 matches found

CVE•added 2017/07/06 11:29 a.m.•55 views

CVE-2017-10970

Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

5.4CVSS5.3AI score0.00223EPSS

CVE•added 2017/07/27 6:29 a.m.•52 views

CVE-2017-11691

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

5.4CVSS5.4AI score0.00484EPSS

CVE•added 2017/07/17 1:18 p.m.•47 views

CVE-2017-1000032

Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.

6.1CVSS6.6AI score0.00196EPSS

CVE•added 2017/07/10 6:29 p.m.•45 views

CVE-2017-11163

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

5.4CVSS5.1AI score0.00223EPSS

CVE•added 2017/07/17 1:18 p.m.•43 views

CVE-2017-1000031

SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.

8.8CVSS9.2AI score0.01092EPSS