Source: National Vulnerability Database

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14424

56 hits since 2021-11-14

PHP Vulns Source Ratio: 14% (4754 total, 328 propagated, 2377 filtered)