CVE-2017-12927Cross-site Scripting in Cacti

CWE-79Cross-site Scripting7 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 33.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CactiDebian Cacti
Timeline
PublishedAug 18
Latest updateMay 17

Description

A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/cacti< cacti 1.1.17+ds1-2 (bookworm)
Debiancacti/cacti< 1.1.17+ds1-2+3
NVDcacti/cacti1.1.17

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-w66g-pq85-j4vq: A cross-site scripting vulnerability exists in Cacti 12022-05-17
OSV
CVE-2017-12927: A cross-site scripting vulnerability exists in Cacti 12017-08-18

📋Vendor Advisories

1
Debian
CVE-2017-12927: cacti - A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parame...2017

💬Community

3
Bugzilla
CVE-2017-12927 CVE-2017-12978 cacti: various flaws [epel-all]2017-08-24
Bugzilla
CVE-2017-12927 CVE-2017-12978 cacti: various flaws [fedora-all]2017-08-24
Bugzilla
CVE-2017-12927 cacti: cross-site scripting vulnerability in spikekill.php2017-08-24