CVE-2018-20726

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-20726

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-20726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-20726

Related

Published

2019-01-16T16:29:00Z

Modified

2024-08-01T09:09:52.774178Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

References

Affected packages

Debian:11 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1+ds1-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1+ds1-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / cacti

Package

Name: cacti
Purl: pkg:deb/debian/cacti?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.1+ds1-1

Ecosystem specific

{
    "urgency": "low"
}

Git / github.com/cacti/cacti

Affected ranges

Type: GIT
Repo: https://github.com/cacti/cacti
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

80c2a88fb2afb93f87703ba4641f9970478c102d

Affected versions

release/1.*

release/1.2.0-beta1

release/1.2.0-beta2

release/1.2.0-beta3

release/1.2.0-beta4