Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.
https://github.com/Cacti/cacti/issues/1071