CVE-2018-20726
CVSS 3.1: 5.4 (MEDIUM)
EPSS: 0.51%
Description
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
How to fix CVE-2018-20726
To remediate CVE-2018-20726, upgrade the affected package to a fixed version below.
- Debian/cacti: upgrade to 1.2.1+ds1-1 or later
Is CVE-2018-20726 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Debian/cacti: from 0, < 1.2.1+ds1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |