CVE-2017-1000032 — Cross-site Scripting in Cacti

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 58.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedJul 17

Latest updateMay 17

Description

Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.8b+dfsg-6 (bookworm)

▶Debiancacti/cacti< 0.8.8b+dfsg-6+3

▶NVDcacti/cacti0.8.8b

🔴Vulnerability Details

GHSA

GHSA-52gv-6m78-wchq: Cross-Site scripting (XSS) vulnerabilities in Cacti 0↗2022-05-17

▶

OSV

CVE-2017-1000032: Cross-Site scripting (XSS) vulnerabilities in Cacti 0↗2017-07-17

▶

📋Vendor Advisories

Debian

CVE-2017-1000032: cacti - Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attacker...↗2017

▶