Cacti is vulnerable to Cross-Site Scripting (XSS). The vulnerability existed because no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache.
CPE | Name | Operator | Version |
---|---|---|---|
cacti:buster | eq | 1.2.2+ds1-2+deb10u3 | |
cacti:buster | eq | 1.2.2+ds1-2+deb10u3 | |
cacti:stretch | eq | 0.8.8h+ds1-10+deb9u1 |