Base Score

MEDIUM5.4

CVE-2018-10060

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

VectorNETWORK

Published Bycve@mitre.org

Published DateApr 12, 2018, 16:29

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

http://www.securitytracker.com/id/1040620
https://github.com/Cacti/cacti/issues/1457
https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
https://www.cacti.net/changelog.php

Base Score

MEDIUM5.4

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

5.4

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE