Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2017-12066
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti prior to 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists beca...
Cacti Cacti
5.4
CVSSv3
CVE-2017-11691
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote malicious users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
Cacti Cacti 1.1.13
5.4
CVSSv3
CVE-2017-11163
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
Cacti Cacti 1.1.12
5.4
CVSSv3
CVE-2017-10970
Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 allows remote anonymous users to inject arbitrary web script or HTML via the id parameter, related to the die_html_input_error function in lib/html_validate.php.
Cacti Cacti 1.1.12
5.3
CVSSv3
CVE-2022-48538
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
Cacti Cacti 1.2.19
4.9
CVSSv3
CVE-2017-16661
Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.
Cacti Cacti 1.1.27
4.8
CVSSv3
CVE-2023-49088
Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious da...
Cacti Cacti
4.8
CVSSv3
CVE-2023-39511
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by ...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.8
CVSSv3
CVE-2023-39516
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by ...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.8
CVSSv3
CVE-2023-39366
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admini...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »