VYPR
\" to successfully execute the JavaScript payload present in the \"ref\" URL parameter.","datePublished":"2022-01-19T20:38:53Z","dateModified":"2024-08-03T20:19:20.307Z","publisher":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"author":{"@type":"Organization","@id":"https://portal.vyprsec.ai#publisher","name":"VYPR","url":"https://portal.vyprsec.ai","logo":{"@type":"ImageObject","url":"https://portal.vyprsec.ai/icon.svg","width":64,"height":64},"description":"Real-time CVE intelligence newsroom — feeds, exploits, vendor advisories, and AI-synthesized insights."},"proficiencyLevel":"Expert","about":{"@type":"Thing","@id":"https://nvd.nist.gov/vuln/detail/CVE-2021-26247","name":"CVE-2021-26247","identifier":"CVE-2021-26247","description":"As an unauthenticated remote user, visit \"http:///auth_changepassword.php?ref=\" to successfully execute the JavaScript payload present in the \"ref\" URL parameter.","additionalType":"https://schema.org/SoftwareApplication","sameAs":["https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26247"]},"keywords":"CVE-2021-26247, Cacti (software) Cacti, Cacti (software) Cacti","mentions":[{"@type":"SoftwareApplication","name":"Cacti","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Cacti (software)"}},{"@type":"SoftwareApplication","name":"Cacti","applicationCategory":"SecurityApplication","publisher":{"@type":"Organization","name":"Cacti (software)"}}],"isAccessibleForFree":true},{"@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://portal.vyprsec.ai/"},{"@type":"ListItem","position":2,"name":"CVEs","item":"https://portal.vyprsec.ai/cves"},{"@type":"ListItem","position":3,"name":"CVE-2021-26247","item":"https://portal.vyprsec.ai/cves/CVE-2021-26247"}]}]}
Unrated severityNVD Advisory· Published Jan 19, 2022· Updated Aug 3, 2024

CVE-2021-26247

CVE-2021-26247

Description

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=" to successfully execute the JavaScript payload present in the "ref" URL parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.