Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti |
||
debian debian linux 8.0 |
||
debian debian linux 9.0 |
||
opensuse leap 15.1 |
||
opensuse backports sle 15.0 |
||
suse package_hub - |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
fedoraproject extra packages for enterprise linux 8.0 |
||
fedoraproject extra packages for enterprise linux 9.0 |
||
fedoraproject extra packages for enterprise linux 7.0 |