Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
Typeapk
Namespacealpine
Namecacti
Version1.2.28-r0
Qualifiers
arch armhf
distroversion v3.21
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.2.29-r0
Latest_non_vulnerable_version1.2.29-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-be57-gxmc-vqd4
vulnerability_id VCID-be57-gxmc-vqd4
summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
reference_id
reference_type
scores
0
value 0.05453
scoring_system epss
scoring_elements 0.90204
published_at 2026-04-18T12:55:00Z
1
value 0.05453
scoring_system epss
scoring_elements 0.90191
published_at 2026-04-12T12:55:00Z
2
value 0.05453
scoring_system epss
scoring_elements 0.90185
published_at 2026-04-13T12:55:00Z
3
value 0.05453
scoring_system epss
scoring_elements 0.90203
published_at 2026-04-16T12:55:00Z
4
value 0.05453
scoring_system epss
scoring_elements 0.90156
published_at 2026-04-04T12:55:00Z
5
value 0.05453
scoring_system epss
scoring_elements 0.90162
published_at 2026-04-07T12:55:00Z
6
value 0.05453
scoring_system epss
scoring_elements 0.90177
published_at 2026-04-08T12:55:00Z
7
value 0.05453
scoring_system epss
scoring_elements 0.90183
published_at 2026-04-09T12:55:00Z
8
value 0.05453
scoring_system epss
scoring_elements 0.90192
published_at 2026-04-11T12:55:00Z
9
value 0.07763
scoring_system epss
scoring_elements 0.91918
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
reference_id GHSA-wh9c-v56x-v77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armhf&distroversion=v3.21&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armhf&distroversion=v3.21&reponame=community
aliases CVE-2024-43362
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4
1
url VCID-hj89-pnag-3fer
vulnerability_id VCID-hj89-pnag-3fer
summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
reference_id
reference_type
scores
0
value 0.75133
scoring_system epss
scoring_elements 0.98879
published_at 2026-04-18T12:55:00Z
1
value 0.75133
scoring_system epss
scoring_elements 0.98876
published_at 2026-04-13T12:55:00Z
2
value 0.75133
scoring_system epss
scoring_elements 0.98878
published_at 2026-04-16T12:55:00Z
3
value 0.75133
scoring_system epss
scoring_elements 0.98868
published_at 2026-04-02T12:55:00Z
4
value 0.75133
scoring_system epss
scoring_elements 0.98869
published_at 2026-04-04T12:55:00Z
5
value 0.75133
scoring_system epss
scoring_elements 0.98872
published_at 2026-04-09T12:55:00Z
6
value 0.75133
scoring_system epss
scoring_elements 0.98873
published_at 2026-04-08T12:55:00Z
7
value 0.75133
scoring_system epss
scoring_elements 0.98875
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
reference_id GHSA-gxq4-mv8h-6qj4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armhf&distroversion=v3.21&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armhf&distroversion=v3.21&reponame=community
aliases CVE-2024-43363
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer
2
url VCID-s8du-gzj2-gkc1
vulnerability_id VCID-s8du-gzj2-gkc1
summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.07542
scoring_system epss
scoring_elements 0.91788
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
reference_id GHSA-fgc6-g8gc-wcg5
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armhf&distroversion=v3.21&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armhf&distroversion=v3.21&reponame=community
aliases CVE-2024-43364
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1
3
url VCID-xdbp-7rtr-fyb7
vulnerability_id VCID-xdbp-7rtr-fyb7
summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90033
published_at 2026-04-18T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90016
published_at 2026-04-13T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90032
published_at 2026-04-16T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.89975
published_at 2026-04-02T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.89988
published_at 2026-04-04T12:55:00Z
5
value 0.05293
scoring_system epss
scoring_elements 0.89993
published_at 2026-04-07T12:55:00Z
6
value 0.05293
scoring_system epss
scoring_elements 0.90009
published_at 2026-04-08T12:55:00Z
7
value 0.05293
scoring_system epss
scoring_elements 0.90014
published_at 2026-04-09T12:55:00Z
8
value 0.05293
scoring_system epss
scoring_elements 0.90024
published_at 2026-04-11T12:55:00Z
9
value 0.05293
scoring_system epss
scoring_elements 0.90022
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
reference_id GHSA-49f2-hwx9-qffr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armhf&distroversion=v3.21&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armhf&distroversion=v3.21&reponame=community
aliases CVE-2024-43365
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armhf&distroversion=v3.21&reponame=community