CVE-2017-12066 - OpenCVE

Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cacti	Cacti

Configuration 1 [-]

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://cacti.net/release_notes.php?version=1.1.16
https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
https://github.com/Cacti/cacti/issues/877

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-01T05:00:00

Updated: 2024-08-05T18:28:15.052Z

Reserved: 2017-07-31T00:00:00

Link: CVE-2017-12066

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-08-01T05:29:00.290

Modified: 2017-08-02T17:48:53.790

Link: CVE-2017-12066

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-07-31T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-01T04:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://cacti.net/release_notes.php?version=1.1.16"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Cacti/cacti/issues/877"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12066", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://cacti.net/release_notes.php?version=1.1.16", "refsource": "CONFIRM", "url": "https://cacti.net/release_notes.php?version=1.1.16"}, {"name": "https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e", "refsource": "CONFIRM", "url": "https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e"}, {"name": "https://github.com/Cacti/cacti/issues/877", "refsource": "CONFIRM", "url": "https://github.com/Cacti/cacti/issues/877"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T18:28:15.052Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cacti.net/release_notes.php?version=1.1.16"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Cacti/cacti/issues/877"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12066", "datePublished": "2017-08-01T05:00:00", "dateReserved": "2017-07-31T00:00:00", "dateUpdated": "2024-08-05T18:28:15.052Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "matchCriteriaId": "A36ACCD5-4309-4B3A-AC08-578B0B95F53E", "versionEndIncluding": "1.1.15", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163."}, {"lang": "es", "value": "Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en aggregate_graphs.php en Cacti en versiones anteriores a la 1.1.16 permite que los usuarios remotos autenticados inyecten scripts web arbitrarios o HTML mediante cabeceras de referenciadores HTTP especialmente creadas en relaci\u00f3n con la variable $cancel_url. NOTA: esta vulnerabilidad existe porque hay una parche incompleto (falta el flag htmlspecialchars ENT_QUOTES) para CVE-2017-11163."}], "id": "CVE-2017-12066", "lastModified": "2017-08-02T17:48:53.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-01T05:29:00.290", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://cacti.net/release_notes.php?version=1.1.16"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/Cacti/cacti/issues/877"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}