Cacti 1.1.25 Security Vulnerabilities
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVSS Score: 5.4; EPSS Score: 0.007; Published: 2018-04-12
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVSS Score: 5.4; EPSS Score: 0.01; Published: 2018-04-12
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2017-10-11

