CVE-2018-20724

Опубликовано: 16 янв. 2019

Источник: debian

EPSS Низкий

Описание

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.2.1+ds1-1		package
cacti	not-affected		stretch	package
cacti	not-affected		jessie	package

Примечания

https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
https://github.com/Cacti/cacti/issues/2212

EPSS

Процентиль: 68%

0.00583

Низкий

Связанные уязвимости

CVE-2018-20724

CVSS3: 4.8

ubuntu

около 7 лет назад

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

CVE-2018-20724

CVSS3: 4.8

nvd

около 7 лет назад

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

GHSA-cqqq-p7hm-4wmf

CVSS3: 4.8

github

больше 3 лет назад

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

openSUSE-SU-2020:0272-1

suse-cvrf

почти 6 лет назад

Security update for cacti, cacti-spine

openSUSE-SU-2020:0558-1

suse-cvrf

почти 6 лет назад

Security update for cacti, cacti-spine

EPSS

Процентиль: 68%

0.00583

Низкий