CVE-2018-10059

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.1.37

Description: The issue arises from the get current page function in lib/functions.php, which relies on $ SERVER['PHP SELF'] instead of $ SERVER['SCRIPT NAME'] to determine a page name, leading to a cross-site scripting (XSS) issue.

Recommendations: For versions prior to 1.1.37, update to version 1.1.37 or later to resolve the issue.