Vulnerabilities > Cacti
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-22 | CVE-2022-48538 | Incorrect Authorization vulnerability in Cacti 1.2.19: In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password. | 5.3 |
2023-08-22 | CVE-2022-48547 | Cross-site Scripting vulnerability in Cacti: A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php. | 6.1 |
2023-08-10 | CVE-2023-37543 | Authorization Bypass Through User-Controlled Key vulnerability in Cacti: Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. | 7.5 |
2022-12-05 | CVE-2022-46169 | Incorrect Authorization vulnerability in Cacti: Cacti is an open source platform which provides a robust and extensible operational monitoring and fault management framework for users. | 9.8 |
2022-03-03 | CVE-2022-0730 | Improper Authentication vulnerability in multiple products: Under certain LDAP conditions, Cacti authentication can be bypassed with certain credential types. | 9.8 |
2022-01-19 | CVE-2021-23225 | Cross-site Scripting vulnerability in multiple products: Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. | 5.4 |
2022-01-19 | CVE-2021-26247 | Cross-site Scripting vulnerability in Cacti 0.8.7G: As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter. | 6.1 |
2022-01-19 | CVE-2021-3816 | Cross-site Scripting vulnerability in Cacti 1.1.38: Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php. | 5.4 |
2021-11-14 | CVE-2020-14424 | Cross-site Scripting vulnerability in Cacti: Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | 6.1 |
2021-08-27 | CVE-2020-23226 | Cross-site Scripting vulnerability in multiple products: Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | 6.1 |