CVE-2018-20726

Priority
Description
A cross-site scripting (XSS) vulnerability exists in host.php (via
tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended
characters in the Website Hostname field for Devices.
Notes
Package
Source: cacti (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needs-triage)
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
More Information

Updated: 2020-01-29 18:54:24 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)