cigamit

8 exploits Active since Jul 2017
CVE-2017-11691 WRITEUP MEDIUM WRITEUP
Cacti 1.1.13 - XSS
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
CVSS 5.4
CVE-2017-12065 WRITEUP CRITICAL WRITEUP
Cacti <1.1.16 - RCE
spikekill.php in Cacti before 1.1.16 might allow remote attackers to execute arbitrary code via the avgnan, outlier-start, or outlier-end parameter.
CVSS 9.8
CVE-2017-12066 WRITEUP MEDIUM WRITEUP
Cacti <1.1.16 - XSS
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.
CVSS 5.4
CVE-2017-12927 WRITEUP MEDIUM WRITEUP
Cacti - XSS
A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.
CVSS 6.1
CVE-2018-20723 WRITEUP MEDIUM WRITEUP
Cacti < 1.2.0 - XSS
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
CVSS 4.8
CVE-2018-20724 WRITEUP MEDIUM WRITEUP
Cacti < 1.2.0 - XSS
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
CVSS 4.8
CVE-2018-20725 WRITEUP MEDIUM WRITEUP
Cacti < 1.2.0 - XSS
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
CVSS 4.8
CVE-2018-20726 WRITEUP MEDIUM WRITEUP
Cacti < 1.2.0 - XSS
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
CVSS 5.4