Amazon Linux AMI Security Advisory: ALAS-2017-904
Advisory Release Date: 2017-10-02 22:00 Pacific
A cross-site scripting vulnerability exists in Cacti in the method parameter in spikekill.php. (CVE-2017-12927 )
The lib/html.php script in Cacti has a XSS vulnerability via the title field of an external link added by an authenticated user. (CVE-2017-12978 )
Run yum update cacti to update your system.