Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-04-12
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-04-12
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVSS Score
5.4
EPSS Score
0.01
Published
2018-04-12
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-11-24
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVSS Score
8.8
EPSS Score
0.011
Published
2017-11-15
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-21
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
CVSS Score
9.8
EPSS Score
0.033
Published
2017-08-01
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-01
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVSS Score
8.8
EPSS Score
0.003
Published
2016-04-13
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
CVSS Score
8.8
EPSS Score
0.005
Published
2016-04-12