VulnerableCode Package Details - pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-akj7-kh8f-97ct	security update	CVE-2023-49088
VCID-ay5a-nkmf-5yar	security update	CVE-2023-49086
VCID-c2b8-ss11-9yhq	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39360
VCID-d7db-n89n-qyd8	security update	CVE-2023-49084
VCID-h3qa-svy4-1fcr	security update	CVE-2023-49085
VCID-mebp-4rfu-vqcq	DOMpurify has a nesting-based mXSS DOMpurify was vulnerable to nesting-based mXSS fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943) Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)	CVE-2024-47875 GHSA-gx9m-whjm-85jf
VCID-mwbm-aphc-akgu	Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.	CVE-2023-50250
VCID-pau5-hfbv-nucp	Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.	CVE-2023-39513
VCID-vbs9-gben-9kgc	DOMPurify vulnerable to tampering by prototype polution dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc	CVE-2024-48910 GHSA-p3vf-v8qc-cwcr

Vulnerability

Summary

Aliases

VCID-akj7-kh8f-97ct

security update

CVE-2023-49088

VCID-ay5a-nkmf-5yar

security update

CVE-2023-49086

VCID-c2b8-ss11-9yhq

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39360

VCID-d7db-n89n-qyd8

security update

CVE-2023-49084

VCID-h3qa-svy4-1fcr

security update

CVE-2023-49085

VCID-mebp-4rfu-vqcq

DOMpurify has a nesting-based mXSS DOMpurify was vulnerable to nesting-based mXSS fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and [merge 943](https://github.com/cure53/DOMPurify/pull/943) Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)

CVE-2024-47875
GHSA-gx9m-whjm-85jf

VCID-mwbm-aphc-akgu

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

CVE-2023-50250

VCID-pau5-hfbv-nucp

Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

CVE-2023-39513

VCID-vbs9-gben-9kgc

DOMPurify vulnerable to tampering by prototype polution dompurify was vulnerable to prototype pollution Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

CVE-2024-48910
GHSA-p3vf-v8qc-cwcr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:09:56.773236+00:00	Debian Importer	Fixing	VCID-vbs9-gben-9kgc	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:39:59.553591+00:00	Debian Importer	Fixing	VCID-h3qa-svy4-1fcr	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:10:37.481286+00:00	Debian Importer	Fixing	VCID-ay5a-nkmf-5yar	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:56:13.134634+00:00	Debian Importer	Fixing	VCID-d7db-n89n-qyd8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:45:04.177772+00:00	Debian Importer	Fixing	VCID-c2b8-ss11-9yhq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:29:48.299031+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:22:13.182167+00:00	Debian Importer	Fixing	VCID-mwbm-aphc-akgu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:36:49.719230+00:00	Debian Importer	Fixing	VCID-pau5-hfbv-nucp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:14:49.135363+00:00	Debian Importer	Fixing	VCID-akj7-kh8f-97ct	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:19:09.723739+00:00	Debian Importer	Fixing	VCID-vbs9-gben-9kgc	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:56:51.008884+00:00	Debian Importer	Fixing	VCID-h3qa-svy4-1fcr	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:35:49.529533+00:00	Debian Importer	Fixing	VCID-ay5a-nkmf-5yar	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:24:56.319085+00:00	Debian Importer	Fixing	VCID-d7db-n89n-qyd8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:16:16.853324+00:00	Debian Importer	Fixing	VCID-c2b8-ss11-9yhq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:05:06.402287+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:59:09.730932+00:00	Debian Importer	Fixing	VCID-mwbm-aphc-akgu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:02.197551+00:00	Debian Importer	Fixing	VCID-pau5-hfbv-nucp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:10:59.779016+00:00	Debian Importer	Fixing	VCID-akj7-kh8f-97ct	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-02T17:13:55.231819+00:00	Debian Importer	Fixing	VCID-vbs9-gben-9kgc	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:12:22.169565+00:00	Debian Importer	Fixing	VCID-h3qa-svy4-1fcr	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:10:39.572113+00:00	Debian Importer	Fixing	VCID-ay5a-nkmf-5yar	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:54.478019+00:00	Debian Importer	Fixing	VCID-d7db-n89n-qyd8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:09:19.014159+00:00	Debian Importer	Fixing	VCID-c2b8-ss11-9yhq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:08:21.232856+00:00	Debian Importer	Fixing	VCID-mebp-4rfu-vqcq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:07:52.257812+00:00	Debian Importer	Fixing	VCID-mwbm-aphc-akgu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:05:21.546700+00:00	Debian Importer	Fixing	VCID-pau5-hfbv-nucp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-02T17:04:21.544321+00:00	Debian Importer	Fixing	VCID-akj7-kh8f-97ct	https://security-tracker.debian.org/tracker/data/json	38.1.0