CVE-2017-12978

Public on 2017-08-21

Modified on 2017-10-02

Description

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

Severity

Medium

CVSS v3 Base Score

5.4

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	cacti	2017-10-02	ALAS-2017-904	Fixed