VYPR

Cacti

by Cacti (software)

CVEs (170)

  • CVE-2023-39360 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are…

  • CVE-2023-39366 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by…

  • CVE-2023-39510 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by…

  • CVE-2023-39512 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by…

  • CVE-2023-39513 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by…

  • CVE-2023-39515 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by…

  • CVE-2023-39514 | Sep 5, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by…

  • CVE-2022-41444 | Aug 22, 2023
    risk 0.00 | cvss | epss 0.01

    Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

  • CVE-2022-48547 | Aug 22, 2023
    risk 0.00 | cvss | epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

  • CVE-2022-48538 | Aug 22, 2023
    risk 0.00 | cvss | epss 0.01

    In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

  • CVE-2023-37543 | Aug 10, 2023
    risk 0.00 | cvss | epss 0.01

    Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

  • CVE-2022-0730 | Mar 3, 2022
    risk 0.00 | cvss | epss 0.03

    Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types.

  • CVE-2021-23225 | Jan 19, 2022
    risk 0.00 | cvss | epss 0.01

    Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

  • CVE-2021-3816 | Jan 19, 2022
    risk 0.00 | cvss | epss 0.01

    Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

  • CVE-2020-14424 | Nov 14, 2021
    risk 0.00 | cvss | epss 0.02

    Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

  • CVE-2020-23226 | Aug 27, 2021
    risk 0.00 | cvss | epss 0.02

    Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

  • CVE-2020-35701 | Jan 11, 2021
    risk 0.00 | cvss | epss 0.05

    An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code execution.

  • CVE-2020-25706 | Nov 12, 2020
    risk 0.00 | cvss | epss 0.03

    A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to improper escaping of error message during template import preview in the xml_path field.

  • CVE-2020-13231 | May 20, 2020
    risk 0.00 | cvss | epss 0.01

    In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change.

  • CVE-2020-13230 | May 20, 2020
    risk 0.00 | cvss | epss 0.01

    In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
