VDB
CVE-2020-14424
CVE-2020-14424
PUBLISHED
Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.
EPSS 0.39% · 60.1th percentile
Risk Scores
EPSS Score
0.39%
60.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | cacti | *, 1.1.27+ds1-3, 1.1.28+ds1-2 |
| Ubuntu:Pro:20.04:LTS | cacti | 1.2.4+ds1-2ubuntu3, 1.2.9+ds1-1ubuntu1, 1.2.10+ds1-1ubuntu1 |
Timeline
- Jul 5, 2021 CVE Published
- Nov 14, 2021 PoC Published
- Nov 15, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 9, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 30, 2022 EPSS Score
- Jun 24, 2022 EPSS Score
- Aug 20, 2022 EPSS Score
- Oct 14, 2022 EPSS Score
- Dec 8, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-14424 third-party-advisory
- https://github.com/Cacti/cacti/pull/4261 third-party-advisory
- https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2001016 third-party-advisory
- https://ubuntu.com/security/notices/USN-5214-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-14424 third-party-advisory