Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cacti cacti vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-39512
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by ...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.8
CVSSv3
CVE-2023-39515
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administ...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.8
CVSSv3
CVE-2023-39366
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by admini...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.8
CVSSv3
CVE-2018-20723
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20724
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
Cacti Cacti
4.8
CVSSv3
CVE-2018-20725
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti prior to 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
Cacti Cacti
4.3
CVSSv3
CVE-2023-30534
Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, ma...
Cacti Cacti
Fedoraproject Fedora 37
Fedoraproject Fedora 38
4.3
CVSSv3
CVE-2020-13230
In Cacti prior to 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).
Cacti Cacti
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
4.3
CVSSv3
CVE-2019-16723
In Cacti up to and including 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.
Cacti Cacti
NA
CVE-2024-34340
Cacti provides an operational monitoring and fault management framework. Prior to version 1.2.27, Cacti calls `compat_password_hash` when users set their password. `compat_password_hash` use `password_hash` if there is it, else use `md5`. When verifying password, it calls `compat...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »