FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Cacti -- Cross-site scripting (XSS) vulnerability in link.php

Affected packages
1.0.0 <= cacti < 1.1.13

Details

VuXML ID dc3c66e8-6a18-11e7-93af-005056925db4
Discovery 2017-07-05
Entry 2017-07-17

kimiizhang reports:

Cross-site scripting (XSS) vulnerability in link.php in Cacti
1.1.12 allows remote anonymous users to inject arbitrary web
script or HTML via the id parameter.

References

CVE Name CVE-2017-10970
URL https://github.com/Cacti/cacti/issues/838
URL https://www.cacti.net/release_notes.php?version=1.1.13