Debian Bug report logs -
#872478
cacti: CVE-2017-12927: XSS in spikekillphp via method parameter
Package:
src:cacti;
Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>;
Reported by: Salvatore Bonaccorso <carnil@debianorg>
Date: Thu, 17 Aug 2017 19:21:01 UTC
Severity: important
Ta ...
A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekillphp (CVE-2017-12927)
The lib/htmlphp script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user (CVE-2017-12978) ...