Vulnerabilities > Cacti > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-09-05 CVE-2023-39360 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data.
network
low complexity
cacti fedoraproject CWE-79
6.1
6.1
2023-09-05 CVE-2023-39366 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-09-05 CVE-2023-39510 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-09-05 CVE-2023-39512 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-09-05 CVE-2023-39513 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2023-09-05 CVE-2023-39514 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
5.4
5.4
2023-09-05 CVE-2023-39515 Cross-site Scripting vulnerability in multiple products
Cacti is an open source operational monitoring and fault management framework.
network
low complexity
cacti fedoraproject CWE-79
4.8
4.8
2023-08-22 CVE-2022-41444 Cross-site Scripting vulnerability in Cacti 1.2.21
Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php.
network
low complexity
cacti CWE-79
6.1
6.1
2023-08-22 CVE-2022-48538 Incorrect Authorization vulnerability in Cacti 1.2.19
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
network
low complexity
cacti CWE-863
5.3
5.3
2023-08-22 CVE-2022-48547 Cross-site Scripting vulnerability in Cacti
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
network
low complexity
cacti CWE-79
6.1
6.1