Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2018-10059

Cacti before 1.1.37 has XSS because the get_current_page function in lib/functions.php relies on $_SERVER['PHP_SELF'] instead of $_SERVER['SCRIPT_NAME'] to determine a page name.

Published: Apr 12, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-10059
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cacti / cacti	-	1.1.36.x

http://www.securitytracker.com/id/1040620
https://github.com/Cacti/cacti/issues/1457
https://www.cacti.net/changelog.php

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo