Filtered by vendor Cacti Subscriptions
Total 129 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2018-20725 1 Cacti 1 Cacti 2024-11-21 N/A
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVE-2018-20724 1 Cacti 1 Cacti 2024-11-21 N/A
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVE-2018-20723 1 Cacti 1 Cacti 2024-11-21 N/A
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVE-2018-10061 2 Cacti, Debian 2 Cacti, Debian Linux 2024-11-21 5.4 Medium
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
CVE-2018-10060 2 Cacti, Debian 2 Cacti, Debian Linux 2024-11-21 5.4 Medium
Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.
CVE-2018-10059 1 Cacti 1 Cacti 2024-11-21 N/A
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.
CVE-2017-16785 1 Cacti 1 Cacti 2024-11-21 N/A
Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
CVE-2017-16661 1 Cacti 1 Cacti 2024-11-21 N/A
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
CVE-2017-16660 1 Cacti 1 Cacti 2024-11-21 N/A
Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.
CVE-2017-16641 1 Cacti 1 Cacti 2024-11-21 N/A
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-15194 1 Cacti 1 Cacti 2024-11-21 N/A
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVE-2017-12978 1 Cacti 1 Cacti 2024-11-21 N/A
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVE-2017-12927 1 Cacti 1 Cacti 2024-11-21 N/A
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
CVE-2017-12066 1 Cacti 1 Cacti 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CVE-2017-12065 1 Cacti 1 Cacti 2024-11-21 N/A
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
CVE-2017-11691 1 Cacti 1 Cacti 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVE-2017-11163 1 Cacti 1 Cacti 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
CVE-2017-10970 1 Cacti 1 Cacti 2024-11-21 N/A
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
CVE-2017-1000032 1 Cacti 1 Cacti 2024-11-21 N/A
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
CVE-2017-1000031 1 Cacti 1 Cacti 2024-11-21 N/A
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.