CVE-2018-10061: XSS
First published: Thu Apr 12 2018(Updated: )
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | <=1.1.36 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2018-10061.
What is the severity level of CVE-2018-10061?
CVE-2018-10061 has a severity level of medium.
What is the Common Vulnerabilities and Exposures (CVE) score for CVE-2018-10061?
The Common Vulnerabilities and Exposures (CVE) score for CVE-2018-10061 is 5.4.
How does CVE-2018-10061 affect Cacti?
CVE-2018-10061 affects Cacti versions up to and including 1.1.36.
How can I fix the XSS vulnerability in Cacti?
To fix the XSS vulnerability in Cacti, you should update to version 1.1.37 or later.
- collector/nvd-index
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/type
- agent/event
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/remedy
- collector/mitre-cve
- source/MITRE
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.1.36
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0