VulnerableCode Package Details - pkg:deb/debian/cacti@1.1.37%2Bds1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2z9e-eg1f-bqg5	Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.	CVE-2018-10060
VCID-7dp4-9zks-mbgd	Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).	CVE-2018-10061
VCID-c4w5-q88d-z3hg	Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.	CVE-2018-10059

Vulnerability

Summary

Aliases

VCID-2z9e-eg1f-bqg5

Cacti before 1.1.37 has XSS because it does not properly reject unintended characters, related to use of the sanitize_uri function in lib/functions.php.

CVE-2018-10060

VCID-7dp4-9zks-mbgd

Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used).

CVE-2018-10061

VCID-c4w5-q88d-z3hg

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

CVE-2018-10059

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:04:08.067062+00:00	Debian Importer	Fixing	VCID-2z9e-eg1f-bqg5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:39:22.723208+00:00	Debian Importer	Fixing	VCID-7dp4-9zks-mbgd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:46:41.707436+00:00	Debian Importer	Fixing	VCID-c4w5-q88d-z3hg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:14:46.978324+00:00	Debian Importer	Fixing	VCID-2z9e-eg1f-bqg5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:56:26.980538+00:00	Debian Importer	Fixing	VCID-7dp4-9zks-mbgd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:31:48.536538+00:00	Debian Importer	Fixing	VCID-c4w5-q88d-z3hg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:13:39.063077+00:00	Debian Importer	Fixing	VCID-2z9e-eg1f-bqg5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:19.636867+00:00	Debian Importer	Fixing	VCID-7dp4-9zks-mbgd	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:53.414405+00:00	Debian Importer	Fixing	VCID-c4w5-q88d-z3hg	https://security-tracker.debian.org/tracker/data/json	38.1.0