VDB

CVE-2020-25706

CVE-2020-25706 PUBLISHED

A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field

EPSS 1.46% · 81.2th percentile

Risk Scores

EPSS Score
1.46%
81.2th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:14.04:LTScacti0.8.8b+dfsg-3, 0.8.8b+dfsg-5, 0.8.8b+dfsg-5ubuntu0.1
Ubuntu:Pro:20.04:LTScacti1.2.10+ds1-1ubuntu1.1+esm2, *, 0
Ubuntu:Pro:18.04:LTScacti0, 1.1.18+ds1-1, 1.1.28+ds1-2

Timeline

  • Nov 12, 2020 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
  • Jan 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›