2018-04-12 16:00:00
mitre
PUBLISHED
Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER[PHP_SELF] instead of $_SERVER[SCRIPT_NAME] to determine a page name.