Cacti < 1.1.37 Multiple XSS Vulnerabilities - Windows (CVE-2018-10059, CVE-2018-10060, CVE-2018-10061)

Severity
CVSSv3 Score: 5.4
Vulnerability description

Cacti is prone to multiple cross-site scripting vulnerabilities.

Risk description

Cacti is prone to multiple cross-site scripting vulnerabilities:

- XSS because the get_current_page function in lib/functions.php relies on $_SERVER[PHP_SELF] instead of $_SERVER[SCRIPT_NAME] to determine a page name (CVE-2018-10059)
- XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php (CVE-2018-10060)
- XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (CVE-2018-10061)
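
The PHP_SELF and ENT_QUOTES issues described above can be reproduced in a few lines of PHP. This is an added illustration, not Cacti's code: the `$server` values and the `page_name()` and `breaks_single_quoted_attr()` helpers are constructed for the example, and the sanitize_uri issue (CVE-2018-10060) is not modelled.

```php
<?php
// Added illustration; not taken from Cacti. All names and values are constructed.

// Constructed request state for a URL like /cacti/host.php/<extra path>.
// PHP_SELF carries the client-supplied trailing path; SCRIPT_NAME does not.
$server = [
    'SCRIPT_NAME' => '/cacti/host.php',
    'PHP_SELF'    => "/cacti/host.php/it's-extra",
];

// Hypothetical helper: derive a page name from one $_SERVER-style key.
function page_name(array $server, string $key): string
{
    return basename($server[$key]);
}

// True if the encoded value could still terminate a single-quoted attribute.
function breaks_single_quoted_attr(string $encoded): bool
{
    return strpos($encoded, "'") !== false;
}

$name_self   = page_name($server, 'PHP_SELF');    // client-influenced
$name_script = page_name($server, 'SCRIPT_NAME'); // fixed by the server

// ENT_COMPAT (the default before PHP 8.1) encodes & < > " but leaves ' alone.
$compat = htmlspecialchars($name_self, ENT_COMPAT, 'UTF-8');
// ENT_QUOTES also encodes the single quote.
$quotes = htmlspecialchars($name_self, ENT_QUOTES, 'UTF-8');

printf("page from PHP_SELF:    %s\n", $name_self);
printf("page from SCRIPT_NAME: %s\n", $name_script);
printf("ENT_COMPAT output:     %s  breaks '...' attribute: %s\n",
    $compat, breaks_single_quoted_attr($compat) ? 'yes' : 'no');
printf("ENT_QUOTES output:     %s  breaks '...' attribute: %s\n",
    $quotes, breaks_single_quoted_attr($quotes) ? 'yes' : 'no');
```

When reviewing other PHP code for the same patterns, search for `PHP_SELF` reaching output and for `htmlspecialchars` calls whose result is placed inside single-quoted attributes without `ENT_QUOTES`.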

Recommendation

Update to version 1.1.37 or later.

Codename: Not available
Detectable with: Network Scanner
Scan engine: OpenVAS
Exploitable with Sniper: No
CVE Published: Apr 12, 2018
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available