4.3
CVSSv2

CVE-2017-16785

Published: 10/11/2017 Updated: 27/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.

Affected Products

Vendor Product Versions
CactiCacti1.1.27

Vendor Advisories

Cacti 1127 has reflected XSS via the PATH_INFO to hostphp ...
Debian Bug report logs - #881110 cacti: CVE-2017-16641: arbitrary execution of os commands via path_rrdtool parameter in an action=save request Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 7 ...
Arch Linux Security Advisory ASA-201712-2 ========================================= Severity: High Date : 2017-12-02 CVE-ID : CVE-2017-16641 CVE-2017-16660 CVE-2017-16661 CVE-2017-16785 Package : cacti Type : multiple issues Remote : Yes Link : securityarchlinuxorg/AVG-537 Summary ======= The package cacti before version 11 ...