Cacti Security Vulnerabilities and Issues — Cacti CVE List

Lucene search

CactiCacti

4 matches found

CVE•added 2017/08/01 5:29 a.m.•57 views

CVE-2017-12065

spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.

9.8CVSS9.6AI score0.03315EPSS

CVE•added 2017/08/01 5:29 a.m.•51 views

CVE-2017-12066

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete ...

5.4CVSS6.4AI score0.0024EPSS

CVE•added 2017/08/18 2:29 a.m.•51 views

CVE-2017-12927

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.

6.1CVSS5.7AI score0.00519EPSS

CVE•added 2017/08/21 7:29 a.m.•50 views

CVE-2017-12978

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

5.4CVSS5.3AI score0.00302EPSS