Cacti prior to 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti |
||
debian debian linux 9.0 |