Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie

Type deb

Namespace debian

Name cacti

Version 1.2.16+ds1-2+deb11u5

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.19+ds1-1

Latest_non_vulnerable_version 1.2.30+ds1-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-4twv-1yys-eban

vulnerability_id VCID-4twv-1yys-eban

summary Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-22604

reference_id

reference_type

scores

value	0.72211
scoring_system	epss
scoring_elements	0.98757
published_at	2026-04-16T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.9875
published_at	2026-04-09T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98753
published_at	2026-04-12T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98754
published_at	2026-04-13T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98742
published_at	2026-04-02T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98746
published_at	2026-04-04T12:55:00Z

value	0.72211
scoring_system	epss
scoring_elements	0.98749
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-22604

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

reference_id

GHSA-c5j8-jxj3-hh36

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2025-22604

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban

url VCID-6ze5-dqdn-ykg3

vulnerability_id VCID-6ze5-dqdn-ykg3

summary Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45598

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19758
published_at	2026-04-02T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.1981
published_at	2026-04-04T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19532
published_at	2026-04-07T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19611
published_at	2026-04-08T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19664
published_at	2026-04-09T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19668
published_at	2026-04-11T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24993
published_at	2026-04-12T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24939
published_at	2026-04-13T12:55:00Z

value	0.00087
scoring_system	epss
scoring_elements	0.24951
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45598

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-45598

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3

url VCID-7m68-seeq-tuae

vulnerability_id VCID-7m68-seeq-tuae

summary Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24368

reference_id

reference_type

scores

value	0.00069
scoring_system	epss
scoring_elements	0.2139
published_at	2026-04-04T12:55:00Z

value	0.00069
scoring_system	epss
scoring_elements	0.21335
published_at	2026-04-02T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29605
published_at	2026-04-16T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.2964
published_at	2026-04-08T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29678
published_at	2026-04-09T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.2968
published_at	2026-04-11T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29636
published_at	2026-04-12T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29586
published_at	2026-04-13T12:55:00Z

value	0.00146
scoring_system	epss
scoring_elements	0.34947
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24368

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c

reference_id

GHSA-f9c7-7rc3-574c

reference_type

scores

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2025-24368

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae

url VCID-be57-gxmc-vqd4

vulnerability_id VCID-be57-gxmc-vqd4

summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43362

reference_id

reference_type

scores

value	0.05453
scoring_system	epss
scoring_elements	0.90203
published_at	2026-04-16T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90192
published_at	2026-04-11T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90191
published_at	2026-04-12T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90185
published_at	2026-04-13T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90156
published_at	2026-04-04T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90162
published_at	2026-04-07T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90177
published_at	2026-04-08T12:55:00Z

value	0.05453
scoring_system	epss
scoring_elements	0.90183
published_at	2026-04-09T12:55:00Z

value	0.07763
scoring_system	epss
scoring_elements	0.91918
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43362

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c

reference_id

GHSA-wh9c-v56x-v77c

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-43362

risk_score 3.3

exploitability 0.5

weighted_severity 6.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4

url VCID-hj89-pnag-3fer

vulnerability_id VCID-hj89-pnag-3fer

summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43363

reference_id

reference_type

scores

value	0.75133
scoring_system	epss
scoring_elements	0.98878
published_at	2026-04-16T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98875
published_at	2026-04-11T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98876
published_at	2026-04-13T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98868
published_at	2026-04-02T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98869
published_at	2026-04-04T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98872
published_at	2026-04-09T12:55:00Z

value	0.75133
scoring_system	epss
scoring_elements	0.98873
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43363

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4

reference_id

GHSA-gxq4-mv8h-6qj4

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-43363

risk_score 3.2

exploitability 0.5

weighted_severity 6.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer

url VCID-khhn-9sja-sfgr

vulnerability_id VCID-khhn-9sja-sfgr

summary Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-24367

reference_id

reference_type

scores

value	0.90486
scoring_system	epss
scoring_elements	0.99606
published_at	2026-04-04T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.99608
published_at	2026-04-11T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.99609
published_at	2026-04-13T12:55:00Z

value	0.90486
scoring_system	epss
scoring_elements	0.9961
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-24367

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq

reference_id

GHSA-fxrq-fr7h-9rqq

reference_type

scores

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2025-24367

risk_score 10.0

exploitability 2.0

weighted_severity 7.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr

url VCID-mebp-4rfu-vqcq

vulnerability_id VCID-mebp-4rfu-vqcq

summary

DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS 

fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and
[merge 943](https://github.com/cure53/DOMPurify/pull/943)

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_id

reference_type

scores

value	0.00699
scoring_system	epss
scoring_elements	0.72019
published_at	2026-04-16T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71978
published_at	2026-04-13T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71993
published_at	2026-04-12T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.7201
published_at	2026-04-11T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71986
published_at	2026-04-09T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71974
published_at	2026-04-08T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71935
published_at	2026-04-07T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71959
published_at	2026-04-04T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71939
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875

reference_url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/cure53/DOMPurify

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify

reference_url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
reference_id	1084983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052
reference_id	2318052
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052

reference_url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_id

GHSA-gx9m-whjm-85jf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_url	https://access.redhat.com/errata/RHSA-2024:10236
reference_id	RHSA-2024:10236
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10236

reference_url	https://access.redhat.com/errata/RHSA-2024:10988
reference_id	RHSA-2024:10988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10988

reference_url	https://access.redhat.com/errata/RHSA-2024:8683
reference_id	RHSA-2024:8683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8683

reference_url	https://access.redhat.com/errata/RHSA-2024:8981
reference_id	RHSA-2024:8981
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8981

reference_url	https://access.redhat.com/errata/RHSA-2024:9473
reference_id	RHSA-2024:9473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9473

reference_url	https://access.redhat.com/errata/RHSA-2024:9629
reference_id	RHSA-2024:9629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9629

reference_url	https://access.redhat.com/errata/RHSA-2025:0329
reference_id	RHSA-2025:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0329

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-47875, GHSA-gx9m-whjm-85jf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq

url VCID-s8du-gzj2-gkc1

vulnerability_id VCID-s8du-gzj2-gkc1

summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43364

reference_id

reference_type

scores

value	0.05293
scoring_system	epss
scoring_elements	0.90032
published_at	2026-04-16T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90024
published_at	2026-04-11T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90022
published_at	2026-04-12T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90016
published_at	2026-04-13T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89988
published_at	2026-04-04T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89993
published_at	2026-04-07T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90009
published_at	2026-04-08T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90014
published_at	2026-04-09T12:55:00Z

value	0.07542
scoring_system	epss
scoring_elements	0.91788
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43364

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5

reference_id

GHSA-fgc6-g8gc-wcg5

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-43364

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1

url VCID-sx2t-uzae-2fh9

vulnerability_id VCID-sx2t-uzae-2fh9

summary Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-54145

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24603
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24415
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2464
published_at	2026-04-04T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39638
published_at	2026-04-16T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39631
published_at	2026-04-09T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.3964
published_at	2026-04-11T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39604
published_at	2026-04-12T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39587
published_at	2026-04-13T12:55:00Z

value	0.0018
scoring_system	epss
scoring_elements	0.39616
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-54145

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574
reference_id	1094574
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574

reference_url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_id

c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/

url

https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp

reference_id

GHSA-fh3x-69rr-qqpp

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-54145

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9

url VCID-vbs9-gben-9kgc

vulnerability_id VCID-vbs9-gben-9kgc

summary

DOMPurify vulnerable to tampering by prototype polution
dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_id

reference_type

scores

value	0.02592
scoring_system	epss
scoring_elements	0.85613
published_at	2026-04-16T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.8559
published_at	2026-04-13T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85594
published_at	2026-04-12T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85597
published_at	2026-04-11T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85583
published_at	2026-04-09T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85547
published_at	2026-04-04T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85553
published_at	2026-04-07T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85573
published_at	2026-04-08T12:55:00Z

value	0.02808
scoring_system	epss
scoring_elements	0.86074
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910

reference_url

https://github.com/cure53/DOMPurify

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify

reference_url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949
reference_id	2322949
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949

reference_url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

GHSA-p3vf-v8qc-cwcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_url	https://access.redhat.com/errata/RHSA-2024:10186
reference_id	RHSA-2024:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10186

reference_url	https://access.redhat.com/errata/RHSA-2024:9583
reference_id	RHSA-2024:9583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9583

reference_url	https://access.redhat.com/errata/RHSA-2025:0079
reference_id	RHSA-2025:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0079

reference_url	https://access.redhat.com/errata/RHSA-2025:0082
reference_id	RHSA-2025:0082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0082

reference_url	https://access.redhat.com/errata/RHSA-2025:0654
reference_id	RHSA-2025:0654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0654

reference_url	https://access.redhat.com/errata/RHSA-2025:0875
reference_id	RHSA-2025:0875
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0875

reference_url	https://access.redhat.com/errata/RHSA-2025:18233
reference_id	RHSA-2025:18233
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18233

reference_url	https://access.redhat.com/errata/RHSA-2025:19003
reference_id	RHSA-2025:19003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19003

reference_url	https://access.redhat.com/errata/RHSA-2025:19017
reference_id	RHSA-2025:19017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19017

reference_url	https://access.redhat.com/errata/RHSA-2025:19047
reference_id	RHSA-2025:19047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19047

reference_url	https://access.redhat.com/errata/RHSA-2025:19306
reference_id	RHSA-2025:19306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19306

reference_url	https://access.redhat.com/errata/RHSA-2025:19314
reference_id	RHSA-2025:19314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19314

reference_url	https://access.redhat.com/errata/RHSA-2025:19895
reference_id	RHSA-2025:19895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19895

reference_url	https://access.redhat.com/errata/RHSA-2025:22284
reference_id	RHSA-2025:22284
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22284

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-48910, GHSA-p3vf-v8qc-cwcr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc

url VCID-xdbp-7rtr-fyb7

vulnerability_id VCID-xdbp-7rtr-fyb7

summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43365

reference_id

reference_type

scores

value	0.05293
scoring_system	epss
scoring_elements	0.90032
published_at	2026-04-16T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90022
published_at	2026-04-12T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90016
published_at	2026-04-13T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89975
published_at	2026-04-02T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89988
published_at	2026-04-04T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.89993
published_at	2026-04-07T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90009
published_at	2026-04-08T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90014
published_at	2026-04-09T12:55:00Z

value	0.05293
scoring_system	epss
scoring_elements	0.90024
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43365

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr

reference_id

GHSA-49f2-hwx9-qffr

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-43365

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

Package Instance