Vulnerabilities > Cacti
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-03 | CVE-2022-0730 | Improper Authentication vulnerability in multiple products Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 9.8 |
2022-01-19 | CVE-2021-23225 | Cross-site Scripting vulnerability in multiple products Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. | 3.5 |
2022-01-19 | CVE-2021-26247 | Cross-site Scripting vulnerability in Cacti 0.8.7G As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter. | 4.3 |
2022-01-19 | CVE-2021-3816 | Cross-site Scripting vulnerability in Cacti 1.1.38 Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php. | 3.5 |
2021-11-14 | CVE-2020-14424 | Cross-site Scripting vulnerability in Cacti Cacti before 1.2.18 allows remote attackers to trigger XSS via template import for the midwinter theme. | 4.3 |
2021-08-27 | CVE-2020-23226 | Cross-site Scripting vulnerability in multiple products Multiple Cross Site Scripting (XSS) vulneratiblities exist in Cacti 1.2.12 in (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, (6) reports_admin.php, and (7) data_input.php. | 6.1 |
2021-01-11 | CVE-2020-35701 | SQL Injection vulnerability in multiple products An issue was discovered in Cacti 1.2.x through 1.2.16. | 8.8 |
2020-11-12 | CVE-2020-25706 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Improper escaping of error message during template import preview in the xml_path field | 6.1 |
2020-06-17 | CVE-2020-14295 | SQL Injection vulnerability in multiple products A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. | 7.2 |
2020-05-20 | CVE-2020-13231 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. | 6.5 |