In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string in the View poller cache, leading to XSS.