Amazon Linux 1 Security Advisory: ALAS-2017-904
Advisory Release Date: 2017-10-02 16:54 Pacific
Advisory Updated Date: 2017-10-02 22:00 Pacific
A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. (CVE-2017-12927)
The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. (CVE-2017-12978)
Affected Packages:
cacti
Issue Correction:
Run yum update cacti to update your system.
noarch:
cacti-1.1.19-1.17.amzn1.noarch
src:
cacti-1.1.19-1.17.amzn1.src