Candidate: CVE-2018-20725
PublicDate: 2019-01-16 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20725
 https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
 https://github.com/Cacti/cacti/issues/2214
 https://github.com/Cacti/cacti/blob/develop/CHANGELOG
Description:
 A cross-site scripting (XSS) vulnerability exists in graph_templates.php in
 Cacti before 1.2.0 due to lack of escaping of unintended characters in the
 Graph Vertical Label.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N [4.8 MEDIUM]

Patches_cacti:
 upstream: https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
upstream_cacti: released (1.2.1)
precise/esm_cacti: DNE
trusty_cacti: ignored (reached end-of-life)
trusty/esm_cacti: DNE (trusty was needed)
xenial_cacti: ignored (end of standard support, was needed)
bionic_cacti: needed
cosmic_cacti: ignored (reached end-of-life)
disco_cacti: ignored (reached end-of-life)
eoan_cacti: ignored (reached end-of-life)
focal_cacti: not-affected (1.2.10+ds1-1ubuntu1)
groovy_cacti: ignored (reached end-of-life)
hirsute_cacti: not-affected (1.2.16+ds1-2ubuntu1)
impish_cacti: not-affected (1.2.16+ds1-2ubuntu1)
jammy_cacti: not-affected (1.2.16+ds1-2ubuntu1)
devel_cacti: not-affected (1.2.16+ds1-2ubuntu1)