logo

Database

Server side cross-site scripting In cacti

Description

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-207232. NVD-2018-207233. OSV-DEBIAN-2018-207234. OSV-2018-207235. SECURITY-TRACKER-CVE-2018-20723

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.