Vulnerabilities > Cacti > Cacti > 1.1.38
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-05 | CVE-2023-39510 | Cross-site Scripting vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 4.8 |
| 2023-09-05 | CVE-2023-39512 | Cross-site Scripting vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 4.8 |
| 2023-09-05 | CVE-2023-39513 | Cross-site Scripting vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 5.4 |
| 2023-09-05 | CVE-2023-39514 | Cross-site Scripting vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 5.4 |
| 2023-09-05 | CVE-2023-39515 | Cross-site Scripting vulnerability in multiple products Cacti is an open source operational monitoring and fault management framework. | 4.8 |
| 2023-08-10 | CVE-2023-37543 | Authorization Bypass Through User-Controlled Key vulnerability in Cacti Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. | 7.5 |
| 2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |
| 2022-01-19 | CVE-2021-23225 | Cross-site Scripting vulnerability in multiple products Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. | 3.5 |
| 2022-01-19 | CVE-2021-3816 | Cross-site Scripting vulnerability in Cacti 1.1.38 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php. | 3.5 |
| 2021-11-14 | CVE-2020-14424 | Cross-site Scripting vulnerability in Cacti Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | 4.3 |