CVE-2018-20723
Description
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (9)
release/1.0.0, release/1.0.1, release/1.0.2, … (+ 1 more)
- (no CPE) range: release/1.0.0, release/1.0.1, release/1.0.2, …
- (no CPE) range: <1.2.0
osv-coords (7 versions)
- pkg:rpm/opensuse/cacti&distro=openSUSE%20Leap%2015.1
- pkg:rpm/opensuse/cacti&distro=openSUSE%20Tumbleweed
- pkg:rpm/opensuse/cacti-spine&distro=openSUSE%20Leap%2015.1
- pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2012
- pkg:rpm/suse/cacti&distro=SUSE%20Package%20Hub%2015%20SP1
- pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2012
- pkg:rpm/suse/cacti-spine&distro=SUSE%20Package%20Hub%2015%20SP1
< 1.2.9-lp151.3.3.1 (+ 6 more)
- (no CPE) range: < 1.2.9-lp151.3.3.1
- (no CPE) range: < 1.2.18-1.2
- (no CPE) range: < 1.2.9-lp151.3.3.1
- (no CPE) range: < 1.2.11-5.1
- (no CPE) range: < 1.2.9-bp151.4.3.1
- (no CPE) range: < 1.2.11-2.1
- (no CPE) range: < 1.2.9-bp151.4.3.1
Patches
Vulnerability mechanics
Root cause
"Missing HTML escaping of the Name field value before output in color_templates.php allows stored XSS."
Attack vector
An attacker can inject arbitrary JavaScript by entering a payload such as `
Affected code
The vulnerability exists in `color_templates.php`, in the Color Template edit page. The Name field value is written to the page without HTML escaping, as reported in the issue [ref_id=1].
What the fix does
The commit [ref_id=2] addresses the issue by applying `html_escape()` to user-supplied values before output. Specifically, the patch changes `$name` to `html_escape($name)` in the affected cell rendering, ensuring that any HTML or JavaScript in the Name field is safely encoded rather than executed by the browser.
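The before/after pattern described above, as an added PHP example that is not Cacti's code: `local_html_escape()` is a hypothetical stand-in for Cacti's `html_escape()`, and the render functions, the `name` form field and the sample names are constructed. It goes one step beyond the cell rendering by also showing the same value echoed into a quoted attribute, which is an assumption about how an edit form would reuse it.

```php
<?php
// Added illustration; not Cacti source code.
// local_html_escape() is a hypothetical stand-in for Cacti's html_escape(),
// whose implementation is not shown on this page.
function local_html_escape(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the result is also safe inside
    // a quoted attribute. ENT_SUBSTITUTE replaces invalid UTF-8 sequences
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before" pattern: the stored Name goes into the table cell verbatim, so
// any markup in it becomes part of the page.
function render_name_cell_unescaped(string $name): string
{
    return '<td>' . $name . '</td>';
}

// "After" pattern: the stored Name is encoded at the point of output.
function render_name_cell_escaped(string $name): string
{
    return '<td>' . local_html_escape($name) . '</td>';
}

// Assumed attribute context: the same value echoed into a form input.
function render_name_input_escaped(string $name): string
{
    return '<input type="text" name="name" value="'
        . local_html_escape($name) . '">';
}

// Constructed sample names: plain text, harmless markup, and a double quote
// that would otherwise close the value attribute early.
$samples = [
    'Blue gradient',
    'Ops & Net <b>bold</b>',
    'x" data-test="1',
];

foreach ($samples as $name) {
    echo 'stored: ', $name, PHP_EOL;
    echo 'before: ', render_name_cell_unescaped($name), PHP_EOL;
    echo 'after : ', render_name_cell_escaped($name), PHP_EOL;
    echo 'input : ', render_name_input_escaped($name), PHP_EOL, PHP_EOL;
}
```

Escaping at output rather than at input keeps the stored value unchanged, so every page that renders the Name field needs the same call.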
Preconditions
- network: Attacker must have access to the Color Template edit page (color_templates.php?action=template_edit)
- input: Attacker must be able to supply a value for the Name field
Reproduction
1. Navigate to `http://localhost:4040/cacti/color_templates.php?action=template_edit`. 2. Enter `
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html (mitre, vendor-advisory, x_refsource_SUSE)
- lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html (mitre, vendor-advisory, x_refsource_SUSE)
- github.com/Cacti/cacti/blob/develop/CHANGELOG (mitre, x_refsource_MISC)
- github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d (mitre, x_refsource_MISC)
- github.com/Cacti/cacti/issues/2215 (mitre, x_refsource_MISC)