Vulnerability Description
Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cacti | Cacti | 1.2.12 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://github.com/Cacti/cacti/issues/3549ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00038.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00039.htmlMailing ListThird Party Advisory
- https://github.com/Cacti/cacti/issues/3549ExploitIssue TrackingThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/03/msg00038.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2022/12/msg00039.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-23226?
CVE-2020-23226 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admi...
How severe is CVE-2020-23226?
CVE-2020-23226 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-23226?
Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti, Debian Debian Linux.