CVE-2018-10059

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
References
Link Resource
https://www.cacti.net/changelog.php Vendor Advisory
https://github.com/Cacti/cacti/issues/1457 Exploit Patch
http://www.securitytracker.com/id/1040620 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

Information

Published : 2018-04-12 04:29

Updated : 2019-03-07 07:14


NVD link : CVE-2018-10059

Mitre link : CVE-2018-10059

Products Affected
No products.
CWE