CVE-2017-12978by Jeremyin Security Bulletinson Posted on August 21, 2017 lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.