Download
| Alert*
oval:org.secpod.oval:def:63837
The host is installed with Cacti 1.2.8 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle an input validation error. Successful exploitation could allow attackers to cause cross-site scripting. oval:org.secpod.oval:def:1801981 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to tr ... oval:org.secpod.oval:def:2003997 Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php . |