Base Score

MEDIUM5.4

CVE-2017-12978

lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.

VectorNETWORK

Published Bycve@mitre.org

Published DateAug 21, 2017, 07:29

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

http://www.securitytracker.com/id/1039226
https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG
https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
https://github.com/Cacti/cacti/issues/918

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE