Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/584477?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "type": "deb", "namespace": "debian", "name": "cacti", "version": "1.2.16+ds1-2+deb11u5", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.19+ds1-1", "latest_non_vulnerable_version": "1.2.30+ds1-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=api", "vulnerability_id": "VCID-4twv-1yys-eban", "summary": "Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98757", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.9875", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98753", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98754", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98742", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98746", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.72211", "scoring_system": "epss", "scoring_elements": "0.98749", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-22604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36", "reference_id": "GHSA-c5j8-jxj3-hh36", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584478?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-22604" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=api", "vulnerability_id": "VCID-6ze5-dqdn-ykg3", "summary": "Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19758", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19532", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.19668", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24939", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24951", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584478?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-45598" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96561?format=api", "vulnerability_id": "VCID-7m68-seeq-tuae", "summary": "Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21335", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29605", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2964", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.2968", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29636", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00112", "scoring_system": "epss", "scoring_elements": "0.29586", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34947", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24368" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c", "reference_id": "GHSA-f9c7-7rc3-574c", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584478?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24368" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=api", "vulnerability_id": "VCID-be57-gxmc-vqd4", "summary": "Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90203", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90191", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90185", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90156", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90162", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90177", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05453", "scoring_system": "epss", "scoring_elements": "0.90183", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07763", "scoring_system": "epss", "scoring_elements": "0.91918", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43362" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c", "reference_id": "GHSA-wh9c-v56x-v77c", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584524?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43362" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=api", "vulnerability_id": "VCID-hj89-pnag-3fer", "summary": "Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98878", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98875", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98876", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98868", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98869", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98872", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.75133", "scoring_system": "epss", "scoring_elements": "0.98873", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43363" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4", "reference_id": "GHSA-gxq4-mv8h-6qj4", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584524?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43363" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96560?format=api", "vulnerability_id": "VCID-khhn-9sja-sfgr", "summary": "Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99606", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.99609", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.90486", "scoring_system": "epss", "scoring_elements": "0.9961", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-24367" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq", "reference_id": "GHSA-fxrq-fr7h-9rqq", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584478?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-24367" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-sfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11742?format=api", "vulnerability_id": "VCID-mebp-4rfu-vqcq", "summary": "DOMpurify has a nesting-based mXSS\nDOMpurify was vulnerable to nesting-based mXSS \n\nfixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and\n[merge 943](https://github.com/cure53/DOMPurify/pull/943)\n\nBackporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking\n\nPOC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72019", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71978", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71993", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.7201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71974", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71935", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71959", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.71939", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-47875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875" }, { "reference_url": "http://seclists.org/fulldisclosure/2025/Apr/14", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2025/Apr/14" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/cure53/DOMPurify", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cure53/DOMPurify" }, { "reference_url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875", "reference_id": "", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H" }, { "value": "7.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983", "reference_id": "1084983", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052", "reference_id": "2318052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052" }, { "reference_url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf", "reference_id": "GHSA-gx9m-whjm-85jf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx9m-whjm-85jf" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10236", "reference_id": "RHSA-2024:10236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10988", "reference_id": "RHSA-2024:10988", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10988" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8683", "reference_id": "RHSA-2024:8683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8981", "reference_id": "RHSA-2024:8981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9473", "reference_id": "RHSA-2024:9473", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9473" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9629", "reference_id": "RHSA-2024:9629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0329", "reference_id": "RHSA-2025:0329", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0329" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583697?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583698?format=api", "purl": "pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-47875", "GHSA-gx9m-whjm-85jf" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=api", "vulnerability_id": "VCID-s8du-gzj2-gkc1", "summary": "Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07542", "scoring_system": "epss", "scoring_elements": "0.91788", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43364" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5", "reference_id": "GHSA-fgc6-g8gc-wcg5", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584524?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43364" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=api", "vulnerability_id": "VCID-sx2t-uzae-2fh9", "summary": "Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24603", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24415", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.2464", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39638", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.3964", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39604", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39587", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0018", "scoring_system": "epss", "scoring_elements": "0.39616", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-54145" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574", "reference_id": "1094574", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574" }, { "reference_url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_id": "c7e4ee798d263a3209ae6e7ba182c7b65284d8f0", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp", "reference_id": "GHSA-fh3x-69rr-qqpp", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584478?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-4?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-4%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-54145" ], "risk_score": 2.9, "exploitability": "0.5", "weighted_severity": "5.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11772?format=api", "vulnerability_id": "VCID-vbs9-gben-9kgc", "summary": "DOMPurify vulnerable to tampering by prototype polution\ndompurify was vulnerable to prototype pollution\n\nFixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85613", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.8559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85594", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85597", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02592", "scoring_system": "epss", "scoring_elements": "0.85573", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02808", "scoring_system": "epss", "scoring_elements": "0.86074", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-48910" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910" }, { "reference_url": "https://github.com/cure53/DOMPurify", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/cure53/DOMPurify" }, { "reference_url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc" }, { "reference_url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/" } ], "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48910" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949", "reference_id": "2322949", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322949" }, { "reference_url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr", "reference_id": "GHSA-p3vf-v8qc-cwcr", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3vf-v8qc-cwcr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10186", "reference_id": "RHSA-2024:10186", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10186" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9583", "reference_id": "RHSA-2024:9583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0079", "reference_id": "RHSA-2025:0079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0082", "reference_id": "RHSA-2025:0082", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0082" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0654", "reference_id": "RHSA-2025:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0875", "reference_id": "RHSA-2025:0875", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0875" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18233", "reference_id": "RHSA-2025:18233", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18233" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19003", "reference_id": "RHSA-2025:19003", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19003" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19017", "reference_id": "RHSA-2025:19017", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19017" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19047", "reference_id": "RHSA-2025:19047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19306", "reference_id": "RHSA-2025:19306", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19306" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19314", "reference_id": "RHSA-2025:19314", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19314" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19895", "reference_id": "RHSA-2025:19895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:19895" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:22284", "reference_id": "RHSA-2025:22284", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:22284" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583697?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/583698?format=api", "purl": "pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-48910", "GHSA-p3vf-v8qc-cwcr" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=api", "vulnerability_id": "VCID-xdbp-7rtr-fyb7", "summary": "Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90032", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90022", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90016", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89988", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.89993", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90009", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05293", "scoring_system": "epss", "scoring_elements": "0.90024", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365" }, { "reference_url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr", "reference_id": "GHSA-49f2-hwx9-qffr", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/" } ], "url": "https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582138?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-cqr3-wwhj-tyck" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" }, { "vulnerability": "VCID-zxu5-equ9-1kam" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584477?format=api", "purl": "pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582140?format=api", "purl": "pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e5y-1s19-r7g7" }, { "vulnerability": "VCID-pxqa-nkv3-jqfs" }, { "vulnerability": "VCID-xkkm-ss3p-1udc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/584524?format=api", "purl": "pkg:deb/debian/cacti@1.2.28%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.28%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582142?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582143?format=api", "purl": "pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43365" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie" }