CVE-2017-10970 — Cross-site Scripting in Cacti

CWE-79 — Cross-site Scripting8 documents5 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 54.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedJul 6

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

▶debiandebian/cacti< cacti 1.1.12+ds1-1 (bookworm)

▶Debiancacti/cacti< 1.1.12+ds1-1+3

▶NVDcacti/cacti1.1.12

🔴Vulnerability Details

GHSA

GHSA-fg3c-pj38-fxr2: Cross-site scripting (XSS) vulnerability in link↗2022-05-17

▶

OSV

CVE-2017-10970: Cross-site scripting (XSS) vulnerability in link↗2017-07-06

▶

📋Vendor Advisories

Debian

CVE-2017-10970: cacti - Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remo...↗2017

▶

💬Community

Bugzilla

CVE-2017-10970 cacti: XSS in link.php [epel-all]↗2017-07-12

▶

Bugzilla

CVE-2017-11163 cacti: XSS in aggregate_graphs.php↗2017-07-12

▶

Bugzilla

CVE-2017-10970 cacti: XSS in link.php↗2017-07-12

▶

Bugzilla

CVE-2017-10970 cacti: XSS in link.php [fedora-all]↗2017-07-12

▶