VDB

DEBIAN-CVE-2017-11163

DEBIAN-CVE-2017-11163 PUBLISHED CVSS 5.400000095367432 MEDIUM

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.

Risk Scores

CVSS 3.0
5.400000095367432
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersions
Debian:11cacti0, 0, 0
Debian:12cacti0, 0, 0
Debian:13cacti0, 0, 0
Debian:14cacti0

Timeline

  • Jul 10, 2017 CVE Published
  • May 10, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›