Описание
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save() function in data_queries.php is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree() function from lib/html.php , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 1.2.27+ds1-2 |
| esm-apps/bionic | released | 1.1.38+ds1-1ubuntu0.1~esm3 |
| esm-apps/focal | released | 1.2.10+ds1-1ubuntu1.1 |
| esm-apps/jammy | released | 1.2.19+ds1-2ubuntu1.1 |
| esm-apps/noble | released | 1.2.26+ds1-1ubuntu0.1 |
| esm-apps/xenial | released | 0.8.8f+ds1-4ubuntu4.16.04.2+esm2 |
| esm-infra-legacy/trusty | released | 0.8.8b+dfsg-5ubuntu0.2+esm2 |
| focal | released | 1.2.10+ds1-1ubuntu1.1 |
| jammy | released | 1.2.19+ds1-2ubuntu1.1 |
| mantic | ignored | end of life, was needs-triage |
Показывать по
5.7 Medium
CVSS3
Связанные уязвимости
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
Cacti provides an operational monitoring and fault management framewor ...
Уязвимость функции form_save() (data_queries.php) программного средства мониторинга сети Cacti, позволяющая нарушителю выполнить межсайтовый скриптинг
5.7 Medium
CVSS3