CVE-2020-7106
CVSS v3.1
6.1 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
1.78 % (88th)
Affected Products
8
Advisories
14
Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- MITRE
- Published Date
-
2020-01-16 04:15:11
(4 years ago) - Updated Date
-
2023-11-07 03:25:42
(10 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
AND |
|
---|
Configuration #5
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...