Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie

Type deb

Namespace debian

Name cacti

Version 1.2.1+ds1-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.2+ds1-2

Latest_non_vulnerable_version 1.2.30+ds1-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1ff1-vhuj-hkdc

vulnerability_id VCID-1ff1-vhuj-hkdc

summary Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3816

reference_id

reference_type

scores

value	0.00262
scoring_system	epss
scoring_elements	0.49526
published_at	2026-04-01T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49556
published_at	2026-04-02T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49584
published_at	2026-04-04T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49537
published_at	2026-04-07T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49592
published_at	2026-04-08T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49586
published_at	2026-04-09T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49603
published_at	2026-04-11T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49574
published_at	2026-04-12T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49575
published_at	2026-04-13T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.49622
published_at	2026-04-16T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.4962
published_at	2026-04-18T12:55:00Z

value	0.00262
scoring_system	epss
scoring_elements	0.4959
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3816

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3816
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3816

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2021-3816

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ff1-vhuj-hkdc

url VCID-29q9-twke-2bdx

vulnerability_id VCID-29q9-twke-2bdx

summary A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20725

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65848
published_at	2026-04-21T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65861
published_at	2026-04-18T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65729
published_at	2026-04-01T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65778
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65808
published_at	2026-04-04T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65773
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65826
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65837
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65856
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65843
published_at	2026-04-12T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65813
published_at	2026-04-13T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65846
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20725

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20725

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2214
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2214

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20725

reference_id

CVE-2018-20725

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20725

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2018-20725

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-29q9-twke-2bdx

url VCID-86gq-jsgy-8uep

vulnerability_id VCID-86gq-jsgy-8uep

summary Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-23225

reference_id

reference_type

scores

value	0.00488
scoring_system	epss
scoring_elements	0.6539
published_at	2026-04-01T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65438
published_at	2026-04-02T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65466
published_at	2026-04-04T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.6543
published_at	2026-04-07T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65483
published_at	2026-04-08T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65495
published_at	2026-04-09T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65513
published_at	2026-04-11T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.655
published_at	2026-04-12T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65472
published_at	2026-04-13T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65509
published_at	2026-04-16T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65521
published_at	2026-04-18T12:55:00Z

value	0.00488
scoring_system	epss
scoring_elements	0.65506
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-23225

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23225
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23225

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2021-23225

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-86gq-jsgy-8uep

url VCID-89pf-69jk-syfk

vulnerability_id VCID-89pf-69jk-syfk

summary A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20724

reference_id

reference_type

scores

value	0.00583
scoring_system	epss
scoring_elements	0.68995
published_at	2026-04-21T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69015
published_at	2026-04-18T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68899
published_at	2026-04-01T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68916
published_at	2026-04-07T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68937
published_at	2026-04-04T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68967
published_at	2026-04-08T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68985
published_at	2026-04-09T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69008
published_at	2026-04-11T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68994
published_at	2026-04-12T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.68964
published_at	2026-04-13T12:55:00Z

value	0.00583
scoring_system	epss
scoring_elements	0.69006
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20724

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20724
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20724

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/1f42478506d83d188f68ce5ff41728a7bd159f53

reference_url	https://github.com/Cacti/cacti/issues/2212
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2212

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20724

reference_id

CVE-2018-20724

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20724

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2018-20724

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-89pf-69jk-syfk

url VCID-bj2d-v5dw-ykc7

vulnerability_id VCID-bj2d-v5dw-ykc7

summary Cacti: Privilege escalation under certain conditions

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4112.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-4112.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4112

reference_id

reference_type

scores

value	0.07985
scoring_system	epss
scoring_elements	0.9205
published_at	2026-04-01T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92056
published_at	2026-04-02T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92064
published_at	2026-04-04T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92068
published_at	2026-04-07T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.9208
published_at	2026-04-08T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92084
published_at	2026-04-09T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92088
published_at	2026-04-12T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92083
published_at	2026-04-13T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92095
published_at	2026-04-16T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92093
published_at	2026-04-18T12:55:00Z

value	0.07985
scoring_system	epss
scoring_elements	0.92091
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4112

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4112

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=542985
reference_id	542985
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=542985

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561339
reference_id	561339
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561339

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/33377.txt
reference_id	CVE-2009-4112;OSVDB-60653
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/33377.txt

reference_url	https://www.securityfocus.com/bid/37145/info
reference_id	CVE-2009-4112;OSVDB-60653
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/37145/info

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2009-4112

risk_score 0.2

exploitability 2.0

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bj2d-v5dw-ykc7

url VCID-kkn3-ars7-gkbk

vulnerability_id VCID-kkn3-ars7-gkbk

summary A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20723

reference_id

reference_type

scores

value	0.00496
scoring_system	epss
scoring_elements	0.65848
published_at	2026-04-21T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65861
published_at	2026-04-18T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65729
published_at	2026-04-01T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65778
published_at	2026-04-02T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65808
published_at	2026-04-04T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65773
published_at	2026-04-07T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65826
published_at	2026-04-08T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65837
published_at	2026-04-09T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65856
published_at	2026-04-11T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65843
published_at	2026-04-12T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65813
published_at	2026-04-13T12:55:00Z

value	0.00496
scoring_system	epss
scoring_elements	0.65846
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20723

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20723
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20723

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2215
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2215

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20723

reference_id

CVE-2018-20723

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20723

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2018-20723

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkn3-ars7-gkbk

url VCID-nbfc-ex1y-37he

vulnerability_id VCID-nbfc-ex1y-37he

summary A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.

references

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00001.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00005.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00042.html

reference_url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00048.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-20726

reference_id

reference_type

scores

value	0.0051
scoring_system	epss
scoring_elements	0.66434
published_at	2026-04-21T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66449
published_at	2026-04-18T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66322
published_at	2026-04-01T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66361
published_at	2026-04-02T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66387
published_at	2026-04-04T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66357
published_at	2026-04-07T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66405
published_at	2026-04-08T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66419
published_at	2026-04-09T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66439
published_at	2026-04-11T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66426
published_at	2026-04-12T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66396
published_at	2026-04-13T12:55:00Z

value	0.0051
scoring_system	epss
scoring_elements	0.66432
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-20726

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20726
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20726

reference_url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/blob/develop/CHANGELOG

reference_url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/commit/80c2a88fb2afb93f87703ba4641f9970478c102d

reference_url	https://github.com/Cacti/cacti/issues/2213
reference_id
reference_type
scores
url	https://github.com/Cacti/cacti/issues/2213

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::
reference_id	cpe:2.3:a:cacti:cacti::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-20726

reference_id

CVE-2018-20726

reference_type

scores

value	3.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:S/C:N/I:P/A:N

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2018-20726

fixed_packages

url	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.1%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2018-20726

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nbfc-ex1y-37he

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.1%252Bds1-1%3Fdistro=trixie

Package Instance