VulnerableCode Package Details - pkg:apk/alpine/cacti@1.2.25-r0?arch=armv7&distroversion=edge&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-34z4-1zqk-afcm	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39515
VCID-5ykb-6nvx-k3e4	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39362
VCID-a8j1-24bw-gudu	security update	CVE-2023-39364
VCID-akj7-kh8f-97ct	security update	CVE-2023-49088
VCID-c2b8-ss11-9yhq	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39360
VCID-d7t8-6cty-sqde	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39358
VCID-du4b-tbxt-mqfr	Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.	CVE-2023-39366
VCID-h6vp-37u4-b7f3	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39510
VCID-huf2-qwju-6bf2	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39365
VCID-pau5-hfbv-nucp	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39513
VCID-pxqa-nkv3-jqfs	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-30534
VCID-sb43-hapb-1uf2	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39357
VCID-vsjt-qjyw-hbfs	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39359
VCID-w11p-1pr3-7ybp	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39511
VCID-ws4h-295a-9qgx	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39516
VCID-ypan-57sx-vyam	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39361
VCID-zf92-pzgz-dfg7	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39512
VCID-znew-xktt-p7hy	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39514

Vulnerability

Summary

Aliases

VCID-34z4-1zqk-afcm

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39515

VCID-5ykb-6nvx-k3e4

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39362

VCID-a8j1-24bw-gudu

security update

CVE-2023-39364

VCID-akj7-kh8f-97ct

security update

CVE-2023-49088

VCID-c2b8-ss11-9yhq

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39360

VCID-d7t8-6cty-sqde

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39358

VCID-du4b-tbxt-mqfr

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The `data_sources.php` script displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. CENSUS found that an adversary that is able to configure a malicious Device name, can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the device names in _cacti_. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

CVE-2023-39366

VCID-h6vp-37u4-b7f3

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39510

VCID-huf2-qwju-6bf2

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39365

VCID-pau5-hfbv-nucp

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39513

VCID-pxqa-nkv3-jqfs

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-30534

VCID-sb43-hapb-1uf2

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39357

VCID-vsjt-qjyw-hbfs

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39359

VCID-w11p-1pr3-7ybp

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39511

VCID-ws4h-295a-9qgx

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39516

VCID-ypan-57sx-vyam

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39361

VCID-zf92-pzgz-dfg7

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39512

VCID-znew-xktt-p7hy

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39514

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:23:56.581578+00:00	Alpine Linux Importer	Fixing	VCID-d7t8-6cty-sqde	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-08T06:23:15.264456+00:00	Alpine Linux Importer	Fixing	VCID-c2b8-ss11-9yhq	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-07T13:57:35.319527+00:00	Alpine Linux Importer	Fixing	VCID-ws4h-295a-9qgx	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-07T13:57:09.295084+00:00	Alpine Linux Importer	Fixing	VCID-du4b-tbxt-mqfr	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:52:38.577188+00:00	Alpine Linux Importer	Fixing	VCID-34z4-1zqk-afcm	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:51:49.194142+00:00	Alpine Linux Importer	Fixing	VCID-pau5-hfbv-nucp	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:47:28.099769+00:00	Alpine Linux Importer	Fixing	VCID-akj7-kh8f-97ct	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:45:49.650883+00:00	Alpine Linux Importer	Fixing	VCID-znew-xktt-p7hy	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:52:15.762715+00:00	Alpine Linux Importer	Fixing	VCID-h6vp-37u4-b7f3	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:50:44.692845+00:00	Alpine Linux Importer	Fixing	VCID-5ykb-6nvx-k3e4	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:49:59.213138+00:00	Alpine Linux Importer	Fixing	VCID-pxqa-nkv3-jqfs	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-01T19:32:58.257046+00:00	Alpine Linux Importer	Fixing	VCID-huf2-qwju-6bf2	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:32:16.754455+00:00	Alpine Linux Importer	Fixing	VCID-w11p-1pr3-7ybp	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:08:04.822861+00:00	Alpine Linux Importer	Fixing	VCID-a8j1-24bw-gudu	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:07:51.578991+00:00	Alpine Linux Importer	Fixing	VCID-zf92-pzgz-dfg7	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:01:33.797195+00:00	Alpine Linux Importer	Fixing	VCID-ypan-57sx-vyam	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:01:00.889963+00:00	Alpine Linux Importer	Fixing	VCID-sb43-hapb-1uf2	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:53:21.689738+00:00	Alpine Linux Importer	Fixing	VCID-vsjt-qjyw-hbfs	https://secdb.alpinelinux.org/edge/community.json	38.0.0