Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie

Type deb

Namespace debian

Name cacti

Version 1.2.24+ds1-1+deb12u2

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.2.24+ds1-1+deb12u3

Latest_non_vulnerable_version 1.2.30+ds1-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-akj7-kh8f-97ct

vulnerability_id VCID-akj7-kh8f-97ct

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49088

reference_id

reference_type

scores

value	0.0102
scoring_system	epss
scoring_elements	0.77167
published_at	2026-04-02T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77196
published_at	2026-04-04T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77177
published_at	2026-04-07T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.7721
published_at	2026-04-08T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77218
published_at	2026-04-09T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77246
published_at	2026-04-11T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77225
published_at	2026-04-12T12:55:00Z

value	0.0102
scoring_system	epss
scoring_elements	0.77221
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49088

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url

https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php

reference_id

data_debug.php

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_id

GHSA-hrg9-qqqx-wc4h

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h

reference_url

https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x

reference_id

GHSA-q7g7-gcf6-wh4x

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x

reference_url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

reference_id

RBEOAFKRARQHTDIYSL723XAFJ2Q6624X

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-03-26T04:00:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-49088

risk_score 2.8

exploitability 0.5

weighted_severity 5.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akj7-kh8f-97ct

url VCID-ay5a-nkmf-5yar

vulnerability_id VCID-ay5a-nkmf-5yar

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76305
published_at	2026-04-02T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76335
published_at	2026-04-04T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76314
published_at	2026-04-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76347
published_at	2026-04-08T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76387
published_at	2026-04-11T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76365
published_at	2026-04-12T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.7636
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-49086

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5a-nkmf-5yar

url VCID-c2b8-ss11-9yhq

vulnerability_id VCID-c2b8-ss11-9yhq

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39360

reference_id

reference_type

scores

value	0.00629
scoring_system	epss
scoring_elements	0.70215
published_at	2026-04-02T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70232
published_at	2026-04-04T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70209
published_at	2026-04-07T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-08T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.7027
published_at	2026-04-09T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70294
published_at	2026-04-11T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70279
published_at	2026-04-12T12:55:00Z

value	0.00629
scoring_system	epss
scoring_elements	0.70267
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-39360

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2b8-ss11-9yhq

url VCID-d7db-n89n-qyd8

vulnerability_id VCID-d7db-n89n-qyd8

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_id

reference_type

scores

value	0.88341
scoring_system	epss
scoring_elements	0.99488
published_at	2026-04-02T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.9949
published_at	2026-04-04T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99492
published_at	2026-04-07T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99493
published_at	2026-04-08T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99494
published_at	2026-04-09T12:55:00Z

value	0.88341
scoring_system	epss
scoring_elements	0.99495
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254
reference_id	1059254
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-49084

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7db-n89n-qyd8

url VCID-h3qa-svy4-1fcr

vulnerability_id VCID-h3qa-svy4-1fcr

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_id

reference_type

scores

value	0.91404
scoring_system	epss
scoring_elements	0.99656
published_at	2026-04-02T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99658
published_at	2026-04-04T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99659
published_at	2026-04-07T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.9966
published_at	2026-04-09T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99661
published_at	2026-04-12T12:55:00Z

value	0.91404
scoring_system	epss
scoring_elements	0.99662
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-49085

risk_score 1.6

exploitability 2.0

weighted_severity 0.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h3qa-svy4-1fcr

url VCID-mebp-4rfu-vqcq

vulnerability_id VCID-mebp-4rfu-vqcq

summary

DOMpurify has a nesting-based mXSS
DOMpurify was vulnerable to nesting-based mXSS 

fixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and
[merge 943](https://github.com/cure53/DOMPurify/pull/943)

Backporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking

POC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_id

reference_type

scores

value	8.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47875.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_id

reference_type

scores

value	0.00699
scoring_system	epss
scoring_elements	0.71978
published_at	2026-04-13T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71993
published_at	2026-04-12T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.7201
published_at	2026-04-11T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71986
published_at	2026-04-09T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71974
published_at	2026-04-08T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71935
published_at	2026-04-07T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71959
published_at	2026-04-04T12:55:00Z

value	0.00699
scoring_system	epss
scoring_elements	0.71939
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-47875

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47875

reference_url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2025/Apr/14

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/cure53/DOMPurify

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify

reference_url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098

reference_url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f

reference_url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_id

reference_type

scores

value	10
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-11T19:27:35Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

value	7.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-47875

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983
reference_id	1084983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052
reference_id	2318052
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2318052

reference_url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_id

GHSA-gx9m-whjm-85jf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gx9m-whjm-85jf

reference_url	https://access.redhat.com/errata/RHSA-2024:10236
reference_id	RHSA-2024:10236
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10236

reference_url	https://access.redhat.com/errata/RHSA-2024:10988
reference_id	RHSA-2024:10988
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10988

reference_url	https://access.redhat.com/errata/RHSA-2024:8683
reference_id	RHSA-2024:8683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8683

reference_url	https://access.redhat.com/errata/RHSA-2024:8981
reference_id	RHSA-2024:8981
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8981

reference_url	https://access.redhat.com/errata/RHSA-2024:9473
reference_id	RHSA-2024:9473
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9473

reference_url	https://access.redhat.com/errata/RHSA-2024:9629
reference_id	RHSA-2024:9629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9629

reference_url	https://access.redhat.com/errata/RHSA-2025:0329
reference_id	RHSA-2025:0329
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0329

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-47875, GHSA-gx9m-whjm-85jf

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mebp-4rfu-vqcq

url VCID-mwbm-aphc-akgu

vulnerability_id VCID-mwbm-aphc-akgu

summary Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50250

reference_id

reference_type

scores

value	0.02686
scoring_system	epss
scoring_elements	0.85793
published_at	2026-04-02T12:55:00Z

value	0.02686
scoring_system	epss
scoring_elements	0.85811
published_at	2026-04-04T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87735
published_at	2026-04-07T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87756
published_at	2026-04-08T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87762
published_at	2026-04-09T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87773
published_at	2026-04-11T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87768
published_at	2026-04-12T12:55:00Z

value	0.03596
scoring_system	epss
scoring_elements	0.87766
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50250

fixed_packages

url	pkg:deb/debian/cacti@0?distro=trixie
purl	pkg:deb/debian/cacti@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@0%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-50250

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbm-aphc-akgu

url VCID-pau5-hfbv-nucp

vulnerability_id VCID-pau5-hfbv-nucp

summary Multiple vulnerabilities have been discovered in Cacti, the worst of which can lead to privilege escalation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-39513

reference_id

reference_type

scores

value	0.00296
scoring_system	epss
scoring_elements	0.52839
published_at	2026-04-02T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52865
published_at	2026-04-04T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52832
published_at	2026-04-07T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52884
published_at	2026-04-08T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52878
published_at	2026-04-09T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52928
published_at	2026-04-11T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52912
published_at	2026-04-12T12:55:00Z

value	0.00296
scoring_system	epss
scoring_elements	0.52895
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39360

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49084

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49086

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49088

reference_url	https://security.gentoo.org/glsa/202412-02
reference_id	GLSA-202412-02
reference_type
scores
url	https://security.gentoo.org/glsa/202412-02

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.25%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.25%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2023-39513

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pau5-hfbv-nucp

url VCID-vbs9-gben-9kgc

vulnerability_id VCID-vbs9-gben-9kgc

summary

DOMPurify vulnerable to tampering by prototype polution
dompurify was vulnerable to prototype pollution

Fixed by https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-48910.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_id

reference_type

scores

value	0.02592
scoring_system	epss
scoring_elements	0.8559
published_at	2026-04-13T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85594
published_at	2026-04-12T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85597
published_at	2026-04-11T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85583
published_at	2026-04-09T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85573
published_at	2026-04-08T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85547
published_at	2026-04-04T12:55:00Z

value	0.02592
scoring_system	epss
scoring_elements	0.85553
published_at	2026-04-07T12:55:00Z

value	0.02808
scoring_system	epss
scoring_elements	0.86074
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-48910

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-48910

reference_url

https://github.com/cure53/DOMPurify

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/cure53/DOMPurify

reference_url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/commit/d1dd0374caef2b4c56c3bd09fe1988c3479166dc

reference_url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-31T15:52:58Z/

url

https://github.com/cure53/DOMPurify/security/advisories/GHSA-p3vf-v8qc-cwcr

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-48910

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949
reference_id	2322949
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2322949

reference_url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_id

GHSA-p3vf-v8qc-cwcr

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p3vf-v8qc-cwcr

reference_url	https://access.redhat.com/errata/RHSA-2024:10186
reference_id	RHSA-2024:10186
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10186

reference_url	https://access.redhat.com/errata/RHSA-2024:9583
reference_id	RHSA-2024:9583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9583

reference_url	https://access.redhat.com/errata/RHSA-2025:0079
reference_id	RHSA-2025:0079
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0079

reference_url	https://access.redhat.com/errata/RHSA-2025:0082
reference_id	RHSA-2025:0082
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0082

reference_url	https://access.redhat.com/errata/RHSA-2025:0654
reference_id	RHSA-2025:0654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0654

reference_url	https://access.redhat.com/errata/RHSA-2025:0875
reference_id	RHSA-2025:0875
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0875

reference_url	https://access.redhat.com/errata/RHSA-2025:18233
reference_id	RHSA-2025:18233
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:18233

reference_url	https://access.redhat.com/errata/RHSA-2025:19003
reference_id	RHSA-2025:19003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19003

reference_url	https://access.redhat.com/errata/RHSA-2025:19017
reference_id	RHSA-2025:19017
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19017

reference_url	https://access.redhat.com/errata/RHSA-2025:19047
reference_id	RHSA-2025:19047
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19047

reference_url	https://access.redhat.com/errata/RHSA-2025:19306
reference_id	RHSA-2025:19306
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19306

reference_url	https://access.redhat.com/errata/RHSA-2025:19314
reference_id	RHSA-2025:19314
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19314

reference_url	https://access.redhat.com/errata/RHSA-2025:19895
reference_id	RHSA-2025:19895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19895

reference_url	https://access.redhat.com/errata/RHSA-2025:22284
reference_id	RHSA-2025:22284
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22284

fixed_packages

url pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-cqr3-wwhj-tyck

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

vulnerability	VCID-zxu5-equ9-1kam

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u3%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
purl	pkg:deb/debian/cacti@1.2.16%2Bds1-2%2Bdeb11u5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.16%252Bds1-2%252Bdeb11u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

url pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/cacti@1.2.24%2Bds1-1%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4e5y-1s19-r7g7

vulnerability	VCID-pxqa-nkv3-jqfs

vulnerability	VCID-xkkm-ss3p-1udc

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u5%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.26%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.26%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-1%3Fdistro=trixie

url	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
purl	pkg:deb/debian/cacti@1.2.30%2Bds1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.30%252Bds1-2%3Fdistro=trixie

aliases CVE-2024-48910, GHSA-p3vf-v8qc-cwcr

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbs9-gben-9kgc

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cacti@1.2.24%252Bds1-1%252Bdeb12u2%3Fdistro=trixie

Package Instance