Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.