Andermat8

#12253de 53,635
22.3CVSS total
Vulnerabilidades · 4
Média
4
PT-2018-9648
5.4
2018-04-12
Cacti · Cacti · CVE-2018-10059
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.1.37 Description: The issue arises from the get current page function in lib/functions.php, which relies on $ SERVER['PHP SELF'] instead of $ SERVER['SCRIPT NAME'] to determine a page name, leading to a cross-site scripting (XSS) issue. Recommendations: For versions prior to 1.1.37, update to version 1.1.37 or later to resolve the issue.
PT-2018-9649
5.4
2018-04-12
Cacti · Cacti · CVE-2018-10060
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.1.37 Description: The issue arises from the software's failure to properly reject unintended characters, which is related to the use of the `sanitize uri` function in `lib/functions.php`. This can lead to a cross-site scripting (XSS) attack. Recommendations: For versions prior to 1.1.37, update to version 1.1.37 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sanitize uri` function in `lib/functions.php` until a patch is available.
PT-2018-9650
5.4
2018-04-12
Cacti · Cacti · CVE-2018-10061
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.1.37 Description: The issue arises from certain htmlspecialchars calls being made without the ENT QUOTES flag. This occurs when the html escape function in lib/html.php is not used, leading to XSS. Recommendations: For versions prior to 1.1.37, update to version 1.1.37 or later to resolve the issue. As a temporary workaround, consider modifying the htmlspecialchars calls to include the ENT QUOTES flag until a patch is available. Restrict access to potentially vulnerable pages to minimize the risk of exploitation.
PT-2017-13887
6.1
2017-10-10
Cacti · Cacti · CVE-2017-15194
**Name of the Vulnerable Software and Affected Versions** Cacti version 1.1.25 **Description** The issue is related to XSS in the include/global session.php file. This is due to the handling of (1) the URI or (2) the refresh page. **Recommendations** For Cacti version 1.1.25, update to a version that includes a fix for this issue, as using outdated versions may pose a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.