SB2019011716 - Fedora EPEL 7 update for cacti, cacti-spine




Published: January 17, 2019 Updated: April 24, 2025

Security Bulletin ID: SB2019011716
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Remote access
Highest impact: Data manipulation

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Cross-site scripting (CVE-ID: CVE-2018-20723)

The vulnerability allows a remote privileged user to read and manipulate data.

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.


2) Cross-site scripting (CVE-ID: CVE-2018-20724)

The vulnerability allows a remote privileged user to read and manipulate data.

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.


3) Cross-site scripting (CVE-ID: CVE-2018-20725)

The vulnerability allows a remote privileged user to read and manipulate data.

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.


4) Cross-site scripting (CVE-ID: CVE-2018-20726)

The vulnerability allows a remote authenticated user to read and manipulate data.

A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.


Remediation

Install the update from the vendor's website.