CVE-2018-10061

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
References
Link Resource
https://www.cacti.net/changelog.php Release Notes Vendor Advisory
https://github.com/Cacti/cacti/issues/1457 Exploit Patch
http://www.securitytracker.com/id/1040620 Third Party Advisory VDB Entry
https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html Mailing List Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Information

Published : 2018-04-12 04:29

Updated : 2022-05-24 01:01


NVD link : CVE-2018-10061

Mitre link : CVE-2018-10061

Products Affected
No products.
CWE