A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php (CVE-2017-12927).
The lib/html.php script in Cacti has an XSS vulnerability via the title field of an external link added by an authenticated user (CVE-2017-12978) ...