{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","type":"apk","namespace":"alpine","name":"cacti","version":"1.2.29-r0","qualifiers":{"arch":"x86","distroversion":"v3.21","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96527?format=json","vulnerability_id":"VCID-4twv-1yys-eban","summary":"Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an array that is used as part of a system command, causing a command execution vulnerability. This vulnerability is fixed in 
1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22604","reference_id":"","reference_type":"","scores":[{"value":"0.70074","scoring_system":"epss","scoring_elements":"0.98685","published_at":"2026-04-29T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98711","published_at":"2026-05-12T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.9871","published_at":"2026-05-11T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98708","published_at":"2026-05-09T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98713","published_at":"2026-05-14T12:55:00Z"},{"value":"0.70494","scoring_system":"epss","scoring_elements":"0.98706","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98758","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98762","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98763","published_at":"2026-04-26T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98757","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98746","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.9875","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98753","published_at":"2026-04-12T12:55:00Z"},{"value":"0.72211","scoring_system":"epss","scoring_elements":"0.98754","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-22604"},{"reference_url":"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22604"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36","reference_id":"GHSA-c5j8-jxj3-hh36","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-01-27T18:46:22Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-c5j8-jxj3-hh36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2025-22604"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4twv-1yys-eban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96207?format=json",
"vulnerability_id":"VCID-6ze5-dqdn-ykg3","summary":"Cacti is an open source performance and fault management framework. Prior to 1.2.29, an administrator can change the `Poller Standard Error Log Path` parameter in either Installation Step 5 or in Configuration->Settings->Paths tab to a local file inside the server. Then simply going to Logs tab and selecting the name of the local file will show its content on the web UI. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19668","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1981","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19532","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19758","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2486","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24848","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24804","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24874","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24993","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.2495
1","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24944","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24917","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25168","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25228","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25155","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25174","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25252","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25104","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45598"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-45598"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ze5-dqdn-ykg3"},{"url":"http://public2.vulnerablecode.io/a
pi/vulnerabilities/96561?format=json","vulnerability_id":"VCID-7m68-seeq-tuae","summary":"Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21335","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29193","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29093","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29153","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29168","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29092","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29112","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2964","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29678","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.2968","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29636","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29586","published_at":"2026-04-13T12:55:00Z"},{"value":
"0.00112","scoring_system":"epss","scoring_elements":"0.29605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29579","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29534","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29418","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29304","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29239","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34947","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24368"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c","reference_id":"GHSA-f9c7-7rc3-574c","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/P
R:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:53:31Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-f9c7-7rc3-574c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2025-24368"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7m68-seeq-tuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/243855?format=json","vulnerability_id":"VCID-a1a1-zuaj-mqaa","summary":"Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. 
Version 1.2.27 contains a patch for the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58097","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58083","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57976","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57995","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58027","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58029","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58024","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58003","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58034","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5801","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57973","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5799","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00358","scoring_system":"epss",
"scoring_elements":"0.57972","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.5793","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57985","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27082"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h","reference_id":"GHSA-j868-7vjp-rp9h","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T14:24:32Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-27082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1a1-zuaj-mqaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96189?format=json","vulnerability_id":"VCID-be57-gxmc-vqd4","summary":"Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php`. Moreover, the said fileurl is placed in some HTML code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. 
Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362","reference_id":"","reference_type":"","scores":[{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90275","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90192","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90191","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90185","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90203","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90204","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.902","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90214","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.9021","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90156","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","
scoring_elements":"0.90177","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05453","scoring_system":"epss","scoring_elements":"0.90183","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90347","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90372","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90381","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90394","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90364","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05594","scoring_system":"epss","scoring_elements":"0.90375","published_at":"2026-05-09T12:55:00Z"},{"value":"0.07763","scoring_system":"epss","scoring_elements":"0.91918","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43362"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c","reference_id":"GHSA-wh9c-v56x-v77c","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/440912?format=json","purl":"pkg:apk/alpine/cacti@1.2.28-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/ca
cti@1.2.28-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43362"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-be57-gxmc-vqd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96190?format=json","vulnerability_id":"VCID-hj89-pnag-3fer","summary":"Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363","reference_id":"","reference_type":"","scores":[{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98902","published_at":"2026-05-15T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98899","published_at":"2026-05-12T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98901","published_at":"2026-05-14T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98868","published_at":"2026-04-02T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98869","published_at":"2026-04-04T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98872","published_at":"2026-04-09T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98875","published_at":"2026-04-11T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98878","published_at":"2026-04-16T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98879","published_at":"2026-04-18T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98883","published_at":"2026-04-21T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98888","published_at":"2026-04-24T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98887","published_at":"2026-04-26T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98889","published_at":"2026-04-29T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98892","published_at":"2026-05-05T12:55:00Z"},{"value":"0.75133","scoring_syste
m":"epss","scoring_elements":"0.98893","published_at":"2026-05-07T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98895","published_at":"2026-05-09T12:55:00Z"},{"value":"0.75133","scoring_system":"epss","scoring_elements":"0.98897","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43363"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4","reference_id":"GHSA-gxq4-mv8h-6qj4","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/440912?format=json","purl":"pkg:apk/alpine/cacti@1.2.28-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43363"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hj89-pnag-3fer"},{"url":"http://public2.vulnerablecode.io/api/vu
lnerabilities/96560?format=json","vulnerability_id":"VCID-khhn-9sja-sfgr","summary":"Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-24367","reference_id":"","reference_type":"","scores":[{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99621","published_at":"2026-05-14T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-05-09T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-05-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99619","published_at":"2026-05-12T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99606","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99608","published_at":"2026-04-11T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99609","published_at":"2026-04-13T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.9961","published_at":"2026-04-18T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99611","published_at":"2026-04-21T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99612","published_at":"2026-04-24T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99613","published_at":"2026-04-26T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99614","published_at":"2026-04-29T12:55:00Z"},{"value":"0.90486","scoring_system":"epss","scoring_elements":"0.99616","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.or
g/data/v1/epss?cve=CVE-2025-24367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24367"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq","reference_id":"GHSA-fxrq-fr7h-9rqq","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:54:34Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fxrq-fr7h-9rqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2025-24367"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khhn-9sja-
sfgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96191?format=json","vulnerability_id":"VCID-s8du-gzj2-gkc1","summary":"Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php. Moreover, the said title parameter is stored in the database and reflected back to the user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90112","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring
_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90231","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.07542","scoring_system":"epss","scoring_elements":"0.91788","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43364"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5","reference_id":"GHSA-fgc6-g8gc-wcg5","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc
-wcg5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/440912?format=json","purl":"pkg:apk/alpine/cacti@1.2.28-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43364"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s8du-gzj2-gkc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96284?format=json","vulnerability_id":"VCID-sx2t-uzae-2fh9","summary":"Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. 
This vulnerability is fixed in 1.2.29.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24603","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2464","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39219","published_at":"2026-05-15T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39631","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3964","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39604","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39587","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39638","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39609","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39525","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39346","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.3933","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39248","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39616","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39853","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0
.39795","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39865","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.39835","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00185","scoring_system":"epss","scoring_elements":"0.3977","published_at":"2026-05-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-54145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-54145"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574","reference_id":"1094574","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094574"},{"reference_url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_id":"c7e4ee798d263a3209ae6e7ba182c7b65284d8f0","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/commit/c7e4ee798d263a3209ae6e7ba182c7b65284d8f0"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp","reference_id":"GHSA-fh3x-69rr-qqpp","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T18:46:54Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-fh3x-69rr-qqpp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packag
es/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-54145"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sx2t-uzae-2fh9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96192?format=json","vulnerability_id":"VCID-xdbp-7rtr-fyb7","summary":"Cacti is an open source performance and fault management framework. The `consolenewsection` parameter is not properly sanitized when saving external links in links.php. Moreover, the said consolenewsection parameter is stored in the database and reflected back to the user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the HTTP POST request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365","reference_id":"","reference_type":"","scores":[{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90112","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90024","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90022","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90032","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90033","published_at":"2026-04-18T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.9003","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90048","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90047","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.89993","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90009","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05293","scoring_system":"epss","scoring_elements":"0.90014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90205","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.9022","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0543","scoring_system":"e
pss","scoring_elements":"0.90231","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90226","published_at":"2026-05-11T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90235","published_at":"2026-05-12T12:55:00Z"},{"value":"0.0543","scoring_system":"epss","scoring_elements":"0.90249","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43365"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365"},{"reference_url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr","reference_id":"GHSA-49f2-hwx9-qffr","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/"}],"url":"https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/440912?format=json","purl":"pkg:apk/alpine/cacti@1.2.28-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/384971?format=json","purl":"pkg:apk/alpine/cacti@1.2.29-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2024-43365"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.1","resource_url":"http://public2.v
ulnerablecode.io/vulnerabilities/VCID-xdbp-7rtr-fyb7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=x86&distroversion=v3.21&reponame=community"}