What is CVE-2018-20724?

CVE-2018-20724 is a cross-site scripting (XSS) vulnerability that exists in pollers.php in Cacti before version 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

How does the XSS vulnerability in pollers.php affect Cacti?

The XSS vulnerability in pollers.php allows attackers to inject malicious scripts into the Website Hostname for Data Collectors, potentially leading to the execution of unauthorized code or the theft of sensitive information.

What is the severity of CVE-2018-20724?

The severity of CVE-2018-20724 is medium with a CVSS score of 4.8.

How can I fix the XSS vulnerability in Cacti?

To fix the XSS vulnerability in Cacti, upgrade to version 1.2.0 or later, which includes the necessary escaping of unintended characters in the Website Hostname for Data Collectors.

CWE-79 is a common weakness enumeration category for cross-site scripting (XSS) vulnerabilities, which are caused by improperly validated or sanitized user input being included in web pages.

Vulnerability/
CVE-2018-20724

medium

4.8

CWE

16/1/2019

5/8/2024

CVE-2018-20724: XSS

First published: Wed Jan 16 2019(Updated: )

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cacti Cacti	<1.2.0

Remedy

https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2018-20724?
CVE-2018-20724 is a cross-site scripting (XSS) vulnerability that exists in pollers.php in Cacti before version 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
How does the XSS vulnerability in pollers.php affect Cacti?
The XSS vulnerability in pollers.php allows attackers to inject malicious scripts into the Website Hostname for Data Collectors, potentially leading to the execution of unauthorized code or the theft of sensitive information.
What is the severity of CVE-2018-20724?
The severity of CVE-2018-20724 is medium with a CVSS score of 4.8.
How can I fix the XSS vulnerability in Cacti?
To fix the XSS vulnerability in Cacti, upgrade to version 1.2.0 or later, which includes the necessary escaping of unintended characters in the Website Hostname for Data Collectors.
What is CWE-79?
CWE-79 is a common weakness enumeration category for cross-site scripting (XSS) vulnerabilities, which are caused by improperly validated or sanitized user input being included in web pages.

collector/nvd-index
agent/weakness
agent/severity
agent/references
agent/author
agent/type
agent/tags
agent/event
agent/description
agent/remedy
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
collector/mitre-cve
source/MITRE
vendor/cacti
canonical/cacti cacti

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.