6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.0005 Low
EPSS
Percentile
17.1%
cacti is vulnerable to a cross-site scripting (XSS). The vulnerability exists in the graphs_new.php
file. The file is responsible for processing POST requests that are used to create new graphs. The vulnerability occurs when the file fails to properly sanitize user input. This can allow an attacker to inject malicious code into the request, which will then be executed by the victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
cacti:sid | eq | 1.2.15+ds1-2 | |
cacti:sid | eq | 1.2.16+ds1-2 | |
cacti:sid | eq | 1.2.15+ds1-2 | |
cacti:sid | eq | 1.2.16+ds1-2 |