CVE-2020-7106

CVSS v3.1 6.1 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 1.78 % (88th)
Affected Products 8
Advisories 14

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2020-01-16 04:15:11
(4 years ago)
Updated Date
2023-11-07 03:25:42
(10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Cacti prior 1.2.9 version cpe:2.3:a:cacti:cacti < 1.2.9

Configuration #2

    CPE23 From Up To
  Debian Linux 8.0 cpe:2.3:o:debian:debian_linux:8.0
  Debian Linux 9.0 cpe:2.3:o:debian:debian_linux:9.0

Configuration #3

    CPE23 From Up To
  Opensuse Backports Sle 15.0 SP1 cpe:2.3:a:opensuse:backports_sle:15.0:sp1
  Opensuse Leap 15.1 cpe:2.3:o:opensuse:leap:15.1

Configuration #4

AND
    CPE23 From Up To
OR  
  Suse Package Hub cpe:2.3:a:suse:package_hub:-
OR  
  Running on/with
  Suse Linux Enterprise 12.0 cpe:2.3:o:suse:linux_enterprise:12.0

Configuration #5

    CPE23 From Up To
  Fedoraproject Extra Packages for Enterprise Linux 7.0 cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:7.0
  Fedoraproject Extra Packages for Enterprise Linux 8.0 cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0
  Fedoraproject Extra Packages for Enterprise Linux 9.0 cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:9.0
  Fedoraproject Fedora 30 cpe:2.3:o:fedoraproject:fedora:30
  Fedoraproject Fedora 31 cpe:2.3:o:fedoraproject:fedora:31