Vulnerabilities
Vulnerable Software
Cacti:  >> Cacti  >> 0.8.7g  Security Vulnerabilities
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVSS Score
5.4
EPSS Score
0.005
Published
2019-01-16
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
CVSS Score
5.4
EPSS Score
0.003
Published
2018-04-12
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVSS Score
5.4
EPSS Score
0.007
Published
2018-04-12
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVSS Score
5.4
EPSS Score
0.01
Published
2018-04-12
auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the guest user is not considered. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-2313.
CVSS Score
8.8
EPSS Score
0.007
Published
2017-11-24
Cacti before 1.0.0 allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object, related to calling unserialize(stripslashes()).
CVSS Score
8.8
EPSS Score
0.011
Published
2017-11-15
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVSS Score
5.4
EPSS Score
0.003
Published
2017-08-21
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
CVSS Score
9.8
EPSS Score
0.033
Published
2017-08-01
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CVSS Score
5.4
EPSS Score
0.002
Published
2017-08-01
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVSS Score
8.8
EPSS Score
0.011
Published
2016-04-13


Contact Us

Shodan ® - All rights reserved