CVE-2020-23226 — Cross-site Scripting in Cacti

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

1.3%

top 20.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti Debian Linux

Timeline

PublishedAug 27

Latest updateMay 24

Description

Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

▶debiandebian/cacti< cacti 1.2.13+ds1-1 (bookworm)

▶Debiancacti/cacti< 1.2.13+ds1-1+3

▶NVDcacti/cacti1.2.12

Also affects: Debian Linux 10.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-9q9c-4r34-4wcw: Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1↗2022-05-24

▶

OSV

CVE-2020-23226: Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1↗2021-08-27

▶

📋Vendor Advisories

Debian

CVE-2020-23226: cacti - Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1...↗2020

▶