A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
{ "binaries": [ { "binary_name": "cacti", "binary_version": "0.8.8b+dfsg-5ubuntu0.2+esm2" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "0.8.8f+ds1-4ubuntu4.16.04.2+esm2" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.1.38+ds1-1ubuntu0.1~esm4" } ] }