CVE-2022-48547

2023-08-2219:16:31

Debian Security Bug Tracker

security-tracker.debian.org

cacti

cross-site scripting

remote attackers

web script

html

auth_changepassword.php

unix

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

43.0%

JSON

A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the “ref” parameter at auth_changepassword.php.

OSVersionArchitecturePackageVersionFilename
Debian12allcacti< 0.8.7i-1cacti_0.8.7i-1_all.deb
Debian11allcacti< 0.8.7i-1cacti_0.8.7i-1_all.deb
Debian10allcacti< 0.8.7i-1cacti_0.8.7i-1_all.deb
Debian999allcacti< 0.8.7i-1cacti_0.8.7i-1_all.deb
Debian13allcacti< 0.8.7i-1cacti_0.8.7i-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cacti	< 0.8.7i-1	cacti_0.8.7i-1_all.deb
Debian	11	all	cacti	< 0.8.7i-1	cacti_0.8.7i-1_all.deb
Debian	10	all	cacti	< 0.8.7i-1	cacti_0.8.7i-1_all.deb
Debian	999	all	cacti	< 0.8.7i-1	cacti_0.8.7i-1_all.deb
Debian	13	all	cacti	< 0.8.7i-1	cacti_0.8.7i-1_all.deb