Описание
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| cacti | fixed | 1.1.18+ds1-1 | package | |
| cacti | not-affected | stretch | package | |
| cacti | not-affected | jessie | package | |
| cacti | not-affected | wheezy | package |
Примечания
https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
https://github.com/Cacti/cacti/issues/918
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 8 лет назад
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVSS3: 5.4
nvd
больше 8 лет назад
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
CVSS3: 5.4
github
больше 3 лет назад
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
