Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
Typeapk
Namespacealpine
Namecacti
Version1.2.28-r0
Qualifiers
arch armv7
distroversion v3.22
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version1.2.29-r0
Latest_non_vulnerable_version1.2.29-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-68dv-td7h-d3ex
vulnerability_id VCID-68dv-td7h-d3ex
summary Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
reference_id
reference_type
scores
0
value 0.05453
scoring_system epss
scoring_elements 0.90362
published_at 2026-06-05T12:55:00Z
1
value 0.05453
scoring_system epss
scoring_elements 0.90361
published_at 2026-06-06T12:55:00Z
2
value 0.05453
scoring_system epss
scoring_elements 0.90359
published_at 2026-06-08T12:55:00Z
3
value 0.05453
scoring_system epss
scoring_elements 0.90375
published_at 2026-06-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43362
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43362
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
reference_id GHSA-wh9c-v56x-v77c
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:07:47Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-wh9c-v56x-v77c
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armv7&distroversion=v3.22&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armv7&distroversion=v3.22&reponame=community
aliases CVE-2024-43362
risk_score 3.3
exploitability 0.5
weighted_severity 6.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-68dv-td7h-d3ex
1
url VCID-fjbs-apyn-tuc9
vulnerability_id VCID-fjbs-apyn-tuc9
summary Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
reference_id
reference_type
scores
0
value 0.0543
scoring_system epss
scoring_elements 0.90342
published_at 2026-06-06T12:55:00Z
1
value 0.0543
scoring_system epss
scoring_elements 0.90339
published_at 2026-06-08T12:55:00Z
2
value 0.0543
scoring_system epss
scoring_elements 0.90356
published_at 2026-06-09T12:55:00Z
3
value 0.0543
scoring_system epss
scoring_elements 0.90344
published_at 2026-06-05T12:55:00Z
4
value 0.0543
scoring_system epss
scoring_elements 0.9034
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43365
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43365
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
reference_id GHSA-49f2-hwx9-qffr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:21Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armv7&distroversion=v3.22&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armv7&distroversion=v3.22&reponame=community
aliases CVE-2024-43365
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbs-apyn-tuc9
2
url VCID-h8kc-judb-7qbs
vulnerability_id VCID-h8kc-judb-7qbs
summary Cacti is an open source performance and fault management framework. An admin user can create a device with a malicious hostname containing php code and repeat the installation process (completing only step 5 of the installation process is enough, no need to complete the steps before or after it) to use a php file as the cacti log file. After having the malicious hostname end up in the logs (log poisoning), one can simply go to the log file url to execute commands to achieve RCE. This issue has been addressed in version 1.2.28 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
reference_id
reference_type
scores
0
value 0.75133
scoring_system epss
scoring_elements 0.98898
published_at 2026-06-06T12:55:00Z
1
value 0.75133
scoring_system epss
scoring_elements 0.98895
published_at 2026-06-08T12:55:00Z
2
value 0.75133
scoring_system epss
scoring_elements 0.98894
published_at 2026-06-09T12:55:00Z
3
value 0.75133
scoring_system epss
scoring_elements 0.98897
published_at 2026-06-05T12:55:00Z
4
value 0.75133
scoring_system epss
scoring_elements 0.98896
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43363
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43363
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
reference_id GHSA-gxq4-mv8h-6qj4
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-08T14:21:20Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-gxq4-mv8h-6qj4
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armv7&distroversion=v3.22&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armv7&distroversion=v3.22&reponame=community
aliases CVE-2024-43363
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8kc-judb-7qbs
3
url VCID-unap-23sk-zfcd
vulnerability_id VCID-unap-23sk-zfcd
summary Cacti is an open source performance and fault management framework. The `title` parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `title` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
reference_id
reference_type
scores
0
value 0.05293
scoring_system epss
scoring_elements 0.90201
published_at 2026-06-06T12:55:00Z
1
value 0.05293
scoring_system epss
scoring_elements 0.90199
published_at 2026-06-08T12:55:00Z
2
value 0.05293
scoring_system epss
scoring_elements 0.90214
published_at 2026-06-09T12:55:00Z
3
value 0.05293
scoring_system epss
scoring_elements 0.90203
published_at 2026-06-05T12:55:00Z
4
value 0.05293
scoring_system epss
scoring_elements 0.902
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43364
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-43364
2
reference_url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
reference_id GHSA-fgc6-g8gc-wcg5
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-08T13:58:27Z/
url https://github.com/Cacti/cacti/security/advisories/GHSA-fgc6-g8gc-wcg5
fixed_packages
0
url pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.28-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armv7&distroversion=v3.22&reponame=community
1
url pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
purl pkg:apk/alpine/cacti@1.2.29-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.29-r0%3Farch=armv7&distroversion=v3.22&reponame=community
aliases CVE-2024-43364
risk_score 2.5
exploitability 0.5
weighted_severity 5.1
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-unap-23sk-zfcd
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/cacti@1.2.28-r0%3Farch=armv7&distroversion=v3.22&reponame=community