The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cacti

computer vulnerability note CVE-2018-20723

Cacti: Cross Site Scripting via Name Color

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Name Color of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: 2215, CVE-2018-20723, VIGILANCE-VUL-28149.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via Name Color before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Name Color of Cacti, in order to run JavaScript code in the context of the web site.

computer vulnerability bulletin CVE-2018-20725

Cacti: Cross Site Scripting via Vertical Label

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Vertical Label of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: 2214, CVE-2018-20725, VIGILANCE-VUL-28148.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via Vertical Label before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Vertical Label of Cacti, in order to run JavaScript code in the context of the web site.

computer vulnerability announce CVE-2018-20726

Cacti: Cross Site Scripting via Website Hostname Devices

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Website Hostname Devices of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: 2213, CVE-2018-20726, VIGILANCE-VUL-28147.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via Website Hostname Devices before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Website Hostname Devices of Cacti, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2018-20724

Cacti: Cross Site Scripting via Website Hostname

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Website Hostname of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: 2212, CVE-2018-20724, VIGILANCE-VUL-28146.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via Website Hostname before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via Website Hostname of Cacti, in order to run JavaScript code in the context of the web site.

computer vulnerability 28145

Cacti: Cross Site Scripting via user_admin.php

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via user_admin.php of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/01/2019.
Identifiers: 1882, VIGILANCE-VUL-28145.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via user_admin.php before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via user_admin.php of Cacti, in order to run JavaScript code in the context of the web site.

vulnerability bulletin CVE-2018-10059 CVE-2018-10060 CVE-2018-10061

Cacti: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti, openSUSE Leap.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 26/03/2018.
Identifiers: 1457, CVE-2018-10059, CVE-2018-10060, CVE-2018-10061, openSUSE-SU-2018:0842-1, VIGILANCE-VUL-25643.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Cacti, in order to run JavaScript code in the context of the web site.

computer vulnerability CVE-2017-16785

Cacti: Cross Site Scripting via host.php PATH_INFO

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via host.php PATH_INFO of Cacti, in order to run JavaScript code in the context of the web site.
Impacted products: Cacti, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 13/11/2017.
Identifiers: 1071, CVE-2017-16785, FEDORA-2017-9762a831b2, FEDORA-2017-cf75844225, FEDORA-2017-d008ecf87a, openSUSE-SU-2017:3051-1, VIGILANCE-VUL-24415.

Description of the vulnerability

The Cacti product offers a web service.

However, it does not filter data received via host.php PATH_INFO before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via host.php PATH_INFO of Cacti, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2017-16660

Cacti: code execution via Log Path

Synthesis of the vulnerability

An attacker can use a vulnerability via Log Path of Cacti, in order to run code.
Impacted products: Cacti, Fedora, openSUSE Leap.
Severity: 2/4.
Consequences: user access/rights.
Provenance: privileged account.
Creation date: 09/11/2017.
Identifiers: 1066, CVE-2017-16660, FEDORA-2017-9762a831b2, FEDORA-2017-cf75844225, FEDORA-2017-d008ecf87a, openSUSE-SU-2017:3051-1, VIGILANCE-VUL-24400.

Description of the vulnerability

An attacker can use a vulnerability via Log Path of Cacti, in order to run code.

computer vulnerability note CVE-2017-16661

Cacti: file reading via Log Path

Synthesis of the vulnerability

A local attacker can read a file via Log Path of Cacti, in order to obtain sensitive information.
Impacted products: Cacti, Fedora, openSUSE Leap.
Severity: 1/4.
Consequences: data reading.
Provenance: privileged account.
Creation date: 09/11/2017.
Identifiers: 1066, CVE-2017-16661, FEDORA-2017-9762a831b2, FEDORA-2017-cf75844225, FEDORA-2017-d008ecf87a, openSUSE-SU-2017:3051-1, VIGILANCE-VUL-24399.

Description of the vulnerability

A local attacker can read a file via Log Path of Cacti, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2017-16641

Cacti: code execution via path_rrdtool

Synthesis of the vulnerability

An attacker can use a vulnerability via path_rrdtool of Cacti, in order to run code.
Impacted products: Cacti, Fedora, openSUSE Leap.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 08/11/2017.
Identifiers: 1057, CVE-2017-16641, FEDORA-2017-9762a831b2, FEDORA-2017-cf75844225, FEDORA-2017-d008ecf87a, openSUSE-SU-2017:3051-1, VIGILANCE-VUL-24378.

Description of the vulnerability

An attacker can use a vulnerability via path_rrdtool of Cacti, in order to run code.