CVE search results

51 – 60 of 146 results

Detailed view

Sort by:

CVE-2022-41444

Medium priority

Needs evaluation

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. This is a different vulnerability than CVE-2019-16723.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2022-46169

High priority

Some fixes available 3 of 7

Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. In affected versions a command injection vulnerability allows an unauthenticated user to...

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Not affected	Fixed	Fixed	Fixed	Not affected

CVE-2022-0730

Medium priority

Needs evaluation

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-3816

Medium priority

Needs evaluation

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-26247

Medium priority

Needs evaluation

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2021-23225

Medium priority

Needs evaluation

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation

CVE-2020-14424

Medium priority

Fixed

Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Not affected	Not affected	Fixed	Fixed	Not affected

CVE-2020-23226

Medium priority

Vulnerable

Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php.

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Not affected	Not affected	Vulnerable	Vulnerable	Needs evaluation

CVE-2020-35701

Medium priority

Some fixes available 1 of 3

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.php allows remote authenticated attackers to execute arbitrary SQL commands via the site_id parameter. This can lead to remote code...

1 affected package

cacti

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
cacti	Not affected	Not affected	Fixed	Not affected	Not affected

Export to JSON

Results by page:

Search CVE reports

CVE-2022-41444

CVE-2023-37543

CVE-2022-46169

CVE-2022-0730

CVE-2021-3816

CVE-2021-26247

CVE-2021-23225

CVE-2020-14424

CVE-2020-23226

CVE-2020-35701