[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-20726":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":54,"duplicate_of":9,"upstream":55,"downstream":56,"duplicates":71,"related":72,"reserved_at":9,"published_at":78,"modified_at":79,"state":80,"summary":81,"references_raw":89,"kevs":127,"epss":128,"epss_history":131,"metrics":393,"affected":404},"CVE-2018-20726","A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_CACTI_CACTI","Cacti","github","https://github.com/Cacti/cacti/issues/847","poc",0.3,false,[],[],[],[57,59,61,63,65,67,69],{"_key":58},"UBUNTU-CVE-2018-20726",{"_key":60},"OPENSUSE-SU-2020:0284-1",{"_key":62},"OPENSUSE-SU-2020:0565-1",{"_key":64},"OPENSUSE-SU-2020:0272-1",{"_key":66},"OPENSUSE-SU-2020:0558-1",{"_key":68},"OPENSUSE-SU-2024:10670-1",{"_key":70},"DEBIAN-CVE-2018-20726",[],[73,74,75,76,77],{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},"2019-01-16T16:00:00.000Z","2024-08-05T12:12:28.314Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":82,"epss_score":83,"severity":84,"severity_score":85,"severity_version":86,"severity_source":87,"severity_vector":88,"severity_status":80},"low",0.0051,"medium",5.4,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",[90,98,103,109,115,119,123],{"url":91,"sources":92,"tags":94},"https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d",[93,87],"cve.org",[95,96,97],"X Refsource MISC","Patch","Third Party Advisory",{"url":99,"sources":100,"tags":101},"https://github.com/Cacti/cacti/blob/develop/CHANGELOG",[93,87],[95,102,97],"Release Notes",{"url":104,"sources":105,"tags":106},"https://github.com/Cacti/cacti/issues/2213",[93,87],[95,107,108,97],"Exploit","Issue Tracking",{"url":110,"sources":111,"tags":112},"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html",[93,87],[113,114],"Vendor Advisory","X Refsource SUSE",{"url":116,"sources":117,"tags":118},"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html",[93,87],[113,114],{"url":120,"sources":121,"tags":122},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html",[93,87],[113,114],{"url":124,"sources":125,"tags":126},"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html",[93,87],[113,114],[],{"date":129,"score":83,"percentile":130},"2026-06-04",0.66769,[132,136,139,142,145,148,151,154,156,159,162,165,168,171,174,178,181,183,185,188,191,193,195,198,200,203,206,209,212,215,218,221,224,227,229,232,235,238,241,244,247,250,253,256,259,262,265,268,271,274,277,280,283,286,289,291,293,296,299,302,305,308,311,314,317,320,323,326,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,384,387,390],{"date":133,"score":134,"percentile":135},"2025-11-04",0.0053,0.66386,{"date":137,"score":134,"percentile":138},"2025-11-05",0.66361,{"date":140,"score":134,"percentile":141},"2025-11-06",0.66356,{"date":143,"score":134,"percentile":144},"2025-11-07",0.66369,{"date":146,"score":134,"percentile":147},"2025-11-08",0.66366,{"date":149,"score":134,"percentile":150},"2025-11-09",0.66355,{"date":152,"score":134,"percentile":153},"2025-11-10",0.66345,{"date":155,"score":134,"percentile":150},"2025-11-11",{"date":157,"score":134,"percentile":158},"2025-11-12",0.66374,{"date":160,"score":134,"percentile":161},"2025-11-13",0.66385,{"date":163,"score":134,"percentile":164},"2025-11-14",0.66392,{"date":166,"score":134,"percentile":167},"2025-11-15",0.66387,{"date":169,"score":134,"percentile":170},"2025-11-16",0.66382,{"date":172,"score":134,"percentile":173},"2025-11-17",0.6638,{"date":175,"score":176,"percentile":177},"2025-11-18",0.00619,0.67544,{"date":179,"score":176,"percentile":180},"2025-11-19",0.6755,{"date":182,"score":176,"percentile":177},"2025-11-20",{"date":184,"score":134,"percentile":167},"2025-11-21",{"date":186,"score":134,"percentile":187},"2025-11-22",0.66394,{"date":189,"score":134,"percentile":190},"2025-11-23",0.66384,{"date":192,"score":134,"percentile":144},"2025-11-24",{"date":194,"score":134,"percentile":158},"2025-11-25",{"date":196,"score":134,"percentile":197},"2025-11-26",0.66379,{"date":199,"score":134,"percentile":161},"2025-11-27",{"date":201,"score":134,"percentile":202},"2025-11-28",0.6637,{"date":204,"score":134,"percentile":205},"2025-11-29",0.66352,{"date":207,"score":134,"percentile":208},"2025-11-30",0.66347,{"date":210,"score":134,"percentile":211},"2025-12-01",0.6651,{"date":213,"score":134,"percentile":214},"2025-12-02",0.66522,{"date":216,"score":134,"percentile":217},"2025-12-03",0.6652,{"date":219,"score":134,"percentile":220},"2025-12-04",0.66346,{"date":222,"score":134,"percentile":223},"2025-12-05",0.66359,{"date":225,"score":134,"percentile":226},"2025-12-06",0.66365,{"date":228,"score":134,"percentile":223},"2025-12-07",{"date":230,"score":134,"percentile":231},"2025-12-08",0.66363,{"date":233,"score":134,"percentile":234},"2025-12-09",0.66395,{"date":236,"score":134,"percentile":237},"2025-12-10",0.66444,{"date":239,"score":134,"percentile":240},"2025-12-11",0.66463,{"date":242,"score":134,"percentile":243},"2025-12-12",0.6649,{"date":245,"score":134,"percentile":246},"2025-12-13",0.66496,{"date":248,"score":134,"percentile":249},"2025-12-14",0.66498,{"date":251,"score":134,"percentile":252},"2025-12-15",0.66497,{"date":254,"score":134,"percentile":255},"2025-12-16",0.66513,{"date":257,"score":83,"percentile":258},"2025-12-17",0.65682,{"date":260,"score":83,"percentile":261},"2025-12-18",0.65721,{"date":263,"score":83,"percentile":264},"2025-12-19",0.65736,{"date":266,"score":83,"percentile":267},"2025-12-20",0.65734,{"date":269,"score":83,"percentile":270},"2025-12-21",0.65727,{"date":272,"score":83,"percentile":273},"2025-12-22",0.65723,{"date":275,"score":83,"percentile":276},"2025-12-23",0.65724,{"date":278,"score":83,"percentile":279},"2025-12-24",0.65732,{"date":281,"score":83,"percentile":282},"2025-12-25",0.65759,{"date":284,"score":83,"percentile":285},"2025-12-26",0.65758,{"date":287,"score":83,"percentile":288},"2025-12-27",0.65803,{"date":290,"score":83,"percentile":279},"2025-12-28",{"date":292,"score":83,"percentile":276},"2025-12-29",{"date":294,"score":83,"percentile":295},"2025-12-30",0.65742,{"date":297,"score":83,"percentile":298},"2025-12-31",0.65766,{"date":300,"score":83,"percentile":301},"2026-01-01",0.65949,{"date":303,"score":83,"percentile":304},"2026-01-02",0.65932,{"date":306,"score":83,"percentile":307},"2026-01-03",0.65934,{"date":309,"score":83,"percentile":310},"2026-01-04",0.65765,{"date":312,"score":83,"percentile":313},"2026-01-05",0.65752,{"date":315,"score":83,"percentile":316},"2026-01-06",0.65761,{"date":318,"score":83,"percentile":319},"2026-01-07",0.65782,{"date":321,"score":83,"percentile":322},"2026-01-08",0.65796,{"date":324,"score":83,"percentile":325},"2026-01-09",0.65802,{"date":327,"score":83,"percentile":288},"2026-01-10",{"date":329,"score":83,"percentile":330},"2026-01-11",0.65792,{"date":332,"score":83,"percentile":333},"2026-01-12",0.65777,{"date":335,"score":83,"percentile":336},"2026-01-13",0.65773,{"date":338,"score":83,"percentile":339},"2026-01-14",0.65809,{"date":341,"score":83,"percentile":342},"2026-01-15",0.65811,{"date":344,"score":83,"percentile":345},"2026-01-16",0.65829,{"date":347,"score":83,"percentile":348},"2026-01-17",0.65817,{"date":350,"score":83,"percentile":351},"2026-01-18",0.65801,{"date":353,"score":83,"percentile":354},"2026-01-19",0.65787,{"date":356,"score":83,"percentile":357},"2026-01-20",0.65799,{"date":359,"score":83,"percentile":360},"2026-01-21",0.6581,{"date":362,"score":83,"percentile":363},"2026-01-22",0.6582,{"date":365,"score":83,"percentile":366},"2026-01-23",0.65852,{"date":368,"score":83,"percentile":369},"2026-01-24",0.65859,{"date":371,"score":83,"percentile":372},"2026-01-25",0.65824,{"date":374,"score":83,"percentile":375},"2026-01-26",0.65814,{"date":377,"score":83,"percentile":378},"2026-01-27",0.65822,{"date":380,"score":83,"percentile":381},"2026-01-28",0.65836,{"date":383,"score":83,"percentile":381},"2026-01-29",{"date":385,"score":83,"percentile":386},"2026-01-30",0.65846,{"date":388,"score":83,"percentile":389},"2026-01-31",0.65848,{"date":391,"score":83,"percentile":392},"2026-02-01",0.65997,[394],{"source":87,"cvss_v2_0":395,"cvss_v3_0":400,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":396,"baseSeverity":9,"vectorString":397,"impactScore":398,"exploitabilityScore":399},3.5,"AV:N/AC:M/Au:S/C:N/I:P/A:N",2.9,6.8,{"baseScore":85,"baseSeverity":401,"vectorString":88,"impactScore":402,"exploitabilityScore":403},"MEDIUM",4.5,5.9,[405],{"ecosystem":9,"name":47,"vendor":9,"product":47,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":406},[407],{"version":408,"is_range":409,"range_type":410,"version_start":9,"version_start_type":9,"version_end":411,"version_end_type":412,"fixed_in":9},"lt1.2.0",true,"cpe","1.2.0","excluding"]