Search for packages
| purl | pkg:deb/debian/cacti@1.1.16%2Bds1-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9vce-mkth-v3gn | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vulnerability exists because of an incomplete fix (lack of the htmlspecialchars ENT_QUOTES flag) for CVE-2017-11163. |
CVE-2017-12066
|
| VCID-aajr-s1n1-4ybu | Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2017-12065
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:38:19.887452+00:00 | Debian Importer | Fixing | VCID-aajr-s1n1-4ybu | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:53:49.057902+00:00 | Debian Importer | Fixing | VCID-9vce-mkth-v3gn | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:39:36.124323+00:00 | Debian Importer | Fixing | VCID-aajr-s1n1-4ybu | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:58:12.439230+00:00 | Debian Importer | Fixing | VCID-9vce-mkth-v3gn | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-02T17:15:40.352613+00:00 | Debian Importer | Fixing | VCID-aajr-s1n1-4ybu | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:03:05.308989+00:00 | Debian Importer | Fixing | VCID-9vce-mkth-v3gn | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |