CVE-2018-10059

Опубликовано: 12 апр. 2018

Источник: ubuntu

Приоритет: medium

CVSS2: 3.5

CVSS3: 5.4

Описание

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	not-affected	1.1.38+ds1-1
cosmic	ignored	end of life
devel	not-affected	1.1.38+ds1-1
disco	not-affected	1.1.38+ds1-1
eoan	not-affected	1.1.38+ds1-1
esm-apps/bionic	not-affected	1.1.38+ds1-1
esm-apps/xenial	not-affected	code not present
esm-infra-legacy/trusty	not-affected	code not present
precise/esm	DNE

Показывать по

Ссылки на источники

3.5 Low

CVSS2

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2018-10059

CVSS3: 5.4

nvd

почти 8 лет назад

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

CVE-2018-10059

CVSS3: 5.4

debian

почти 8 лет назад

Cacti before 1.1.37 has XSS because the get_current_page function in l ...

GHSA-v3j4-242x-4vhx

CVSS3: 5.4

github

больше 3 лет назад

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

3.5 Low

CVSS2

5.4 Medium

CVSS3

CVE-2018-10059

Описание

Пакет cacti

Ссылки на источники

Связанные уязвимости