CVE-2018-20726

Опубликовано: 16 янв. 2019

Источник: debian

Описание

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
cacti	fixed	1.2.1+ds1-1		package
cacti	not-affected		stretch	package
cacti	not-affected		jessie	package

Примечания

https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
https://github.com/Cacti/cacti/issues/2213
Introduced by https://github.com/Cacti/cacti/commit/c42051908312340b168182ba809ea9bf47243331 (v1.0)

Связанные уязвимости

CVE-2018-20726

CVSS3: 5.4

ubuntu

около 7 лет назад

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

CVE-2018-20726

CVSS3: 5.4

nvd

около 7 лет назад

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

GHSA-39rw-hw3x-2qp8

CVSS3: 5.4

github

больше 3 лет назад

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

openSUSE-SU-2020:0272-1

suse-cvrf

почти 6 лет назад

Security update for cacti, cacti-spine

openSUSE-SU-2020:0558-1

suse-cvrf

почти 6 лет назад

Security update for cacti, cacti-spine