Download
| Alert*
oval:org.secpod.oval:def:1800714
CVE-2017-10970: Cross-site scripting vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. oval:org.secpod.oval:def:56024 The host is installed with Cacti version 1.1.12 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in aggregate_graphs.php component. Successful exploitation allows remote authenticated attackers to inject arbitrary web script ... |