CVE-2019-11025

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.3

Description The issue arises from the lack of escaping in the clearFilter() function within utilities.php, specifically when printing the value of the SNMP community string (SNMP Options) in the View poller cache. This leads to a Cross-Site Scripting (XSS) issue. XSS is a type of security vulnerability that allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control.

Recommendations For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider disabling the clearFilter() function until a patch is available. Restrict access to the View poller cache to minimize the risk of exploitation. Avoid using the SNMP community string in the View poller cache until the issue is resolved.