CVE-2018-10061

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.1.37

Description: The issue arises from certain htmlspecialchars calls being made without the ENT QUOTES flag. This occurs when the html escape function in lib/html.php is not used, leading to XSS.

Recommendations: For versions prior to 1.1.37, update to version 1.1.37 or later to resolve the issue. As a temporary workaround, consider modifying the htmlspecialchars calls to include the ENT QUOTES flag until a patch is available. Restrict access to potentially vulnerable pages to minimize the risk of exploitation.