Описание
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
Ссылки
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Release NotesThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.3 (исключая)
cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00678
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
ubuntu
почти 7 лет назад
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
CVSS3: 5.4
debian
почти 7 лет назад
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping o ...
CVSS3: 5.4
github
больше 3 лет назад
In clearFilter() in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS.
EPSS
Процентиль: 71%
0.00678
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79