CVE-2018-10060

Опубликовано: 12 апр. 2018

Источник: debian

Описание

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.1.37+ds1-1		package
cacti	no-dsa		jessie	package
cacti	no-dsa		wheezy	package

Примечания

https://github.com/Cacti/cacti/issues/1457
https://github.com/Cacti/cacti/commit/ddaec1c5ac2dc759a201feecbc91698e7bbeefba (v1.1.37)
https://github.com/Cacti/cacti/commit/a02f223f4e9427b0411a3f25672fd86764e63b54 (v1.1.37)
https://github.com/Cacti/cacti/commit/3ba47881c5f8f6a01606a5afd4f1934e32d97e92 (v1.1.37)
https://github.com/Cacti/cacti/commit/1707956caa2c854cbcf684a33d108519e89a5909 (v1.1.37)

Связанные уязвимости

CVE-2018-10060

CVSS3: 5.4

ubuntu

почти 8 лет назад

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

CVE-2018-10060

CVSS3: 5.4

nvd

почти 8 лет назад

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

GHSA-qw2p-jwcj-4m42

CVSS3: 5.4

github

больше 3 лет назад

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.