← Back

CVE-2020-7106

nvd nist
Published: Jan 16, 2020Modified: Nov 21, 2024

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS).

Affected (11)

Products: Cacti: Cacti · Debian: Debian Linux · Opensuse: Backports Sle, Leap · +2 more
Show all products
Cacti: Cacti · Debian: Debian Linux · Opensuse: Backports Sle, Leap · Suse: Package Hub · Fedoraproject: Extra Packages For Enterprise Linux, Fedora
Cacti
1 product
Cacti
Debian
1 product
Debian Linux
Opensuse
2 products
Backports Sle
Leap
Suse
1 product
Package Hub
Fedoraproject
2 products
Extra Packages For Enterprise Linux
Fedora
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Cacti
Before 1.2.9
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 8.0
Debian Linux
Version 9.0
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp1
Leap
Version 15.1
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Package Hub
All versions
Running on/withPlatform Versions
Suse
Linux Enterprise
Version 12.0
Configuration E
5 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Extra Packages For Enterprise Linux
Version 7.0
Extra Packages For Enterprise Linux
Version 8.0
Extra Packages For Enterprise Linux
Version 9.0
Fedoraproject
Fedora
Version 30
Fedora
Version 31

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (22)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.