Download
| Alert*
oval:org.secpod.oval:def:1800714
CVE-2017-10970: Cross-site scripting vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php. oval:org.secpod.oval:def:2001165 A cross-site scripting vulnerability exists in host.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices. oval:org.secpod.oval:def:2001005 A cross-site scripting vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label. oval:org.secpod.oval:def:2000993 A cross-site scripting vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors. oval:org.secpod.oval:def:2001570 A cross-site scripting vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color. oval:org.secpod.oval:def:56005 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname field for devices. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56003 The host is installed with Cacti before 1.2.3 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the view poller cache. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56025 The host is installed with Cacti version 1.1.12 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in link.php component. Successful exploitation allows remote authenticated attackers to inject arbitrary web script or HTML via ... oval:org.secpod.oval:def:56024 The host is installed with Cacti version 1.1.12 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle the issue in aggregate_graphs.php component. Successful exploitation allows remote authenticated attackers to inject arbitrary web script ... oval:org.secpod.oval:def:56008 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the name field for a color. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56007 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the website hostname for data collectors. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:56006 The host is installed with Cacti before 1.2.0 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a issue in the Graph Vertical Label component. Successful exploitation could allow attackers to execute arbitrary code. oval:org.secpod.oval:def:112614 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112797 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:112613 Cacti is a complete frontend to RRDTool. It stores all of the necessary information to create graphs and populate them with data in a MySQL database. The frontend is completely PHP driven. oval:org.secpod.oval:def:1901819 In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS. |