logo

Database

Server side cross-site scripting In cacti

Description

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-257062. NVD-2020-257063. OSV-DEBIAN-2020-257064. OSV-2020-257065. SECURITY-TRACKER-CVE-2020-25706

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.