Your submission was sent successfully! Close

CVE-2017-11691

Published: 27 July 2017

Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.

Priority

Medium

CVSS 3 base score: 5.4

Status

Package Release Status
cacti
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(1.1.38+ds1-1)
cosmic Not vulnerable
(1.1.38+ds1-1)
precise Does not exist

trusty Does not exist
(trusty was not-affected [code not present])
upstream
Released (1.1.15+ds1-1)
xenial Not vulnerable
(code not present)
zesty Ignored
(reached end-of-life)