A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
{ "availability": "No subscription required", "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.10+ds1-1ubuntu1" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.16+ds1-2ubuntu1" } ] }