CVE-2017-16785Cross-site Scripting in Cacti

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 60.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CactiDebian Cacti
Timeline
PublishedNov 10
Latest updateMay 17

Description

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

debiandebian/cacti< cacti 1.1.27+ds1-3 (bookworm)
Debiancacti/cacti< 1.1.27+ds1-3+3
NVDcacti/cacti1.1.27

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-phfg-xr8c-mgv4: Cacti 12022-05-17
OSV
CVE-2017-16785: Cacti 12017-11-10

📋Vendor Advisories

1
Debian
CVE-2017-16785: cacti - Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.2017