A cross-site scripting (XSS) vulnerability exists in templatesimport.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xmlpath field
{ "binaries": [ { "binary_name": "cacti", "binary_version": "0.8.8b+dfsg-5ubuntu0.2+esm2" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.1.38+ds1-1ubuntu0.1~esm4" } ] }
{ "binaries": [ { "binary_name": "cacti", "binary_version": "1.2.10+ds1-1ubuntu1.1+esm2" } ] }