Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (7)
| Vulnerability |
Summary |
Aliases |
|
VCID-1ff1-vhuj-hkdc
|
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
|
CVE-2021-3816
|
|
VCID-29q9-twke-2bdx
|
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
|
CVE-2018-20725
|
|
VCID-86gq-jsgy-8uep
|
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
|
CVE-2021-23225
|
|
VCID-89pf-69jk-syfk
|
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
|
CVE-2018-20724
|
|
VCID-bj2d-v5dw-ykc7
|
Cacti: Privilege escalation under certain conditions
|
CVE-2009-4112
|
|
VCID-kkn3-ars7-gkbk
|
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
|
CVE-2018-20723
|
|
VCID-nbfc-ex1y-37he
|
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
|
CVE-2018-20726
|