CVE search results

41 – 50 of 140 results

Detailed view

Sort by:

CVE-2023-39360

Medium priority

Needs evaluation

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is...

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-39359

Medium priority

Needs evaluation

Cacti is an open source operational monitoring and fault management framework. An authenticated SQL injection vulnerability was discovered which allows authenticated users to perform privilege escalation and remote code execution....

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-48547

Medium priority

Needs evaluation

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-48538

Medium priority

Needs evaluation

In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-41444

Medium priority

Needs evaluation

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2023-37543

Medium priority

Needs evaluation

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-46169

High priority

Needs evaluation

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to...

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-0730

Medium priority

Needs evaluation

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3816

Medium priority

Needs evaluation

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-26247

Medium priority

Needs evaluation

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Export to JSON

Results by page:

Search CVE reports