CVE-2020-7106
Published: Jan 16, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| https://github.com/Cacti/cacti/issues/3191 | x_refsource_MISC |
| [debian-lts-announce] 20200118 [SECURITY] [DLA 2069-1] cacti security update | mailing-list, x_refsource_MLIST |
| FEDORA-2020-0fc6dd0fd2 | vendor-advisory, x_refsource_FEDORA |
| FEDORA-2020-90f1c8229e | vendor-advisory, x_refsource_FEDORA |
| openSUSE-SU-2020:0272 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:0284 | vendor-advisory, x_refsource_SUSE |
| GLSA-202003-40 | vendor-advisory, x_refsource_GENTOO |
| openSUSE-SU-2020:0558 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:0565 | vendor-advisory, x_refsource_SUSE |
| openSUSE-SU-2020:0654 | vendor-advisory, x_refsource_SUSE |
| [debian-lts-announce] 20220329 [SECURITY] [DLA 2965-1] cacti security update | mailing-list, x_refsource_MLIST |