CVE-2026-39900

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...

CVE-2026-39900

Cacti versions 1.2.30 and earlier are vulnerable to a Reflected XSS via the tab parameter in the auth_profile.php JavaScript context. The issue is fixed in version 1.2.31. CVSS 4.0 base score 5.3 (Medium) with network vector, low attack complexity, no privileges required, and user interaction req...

DEBIAN-CVE-2020-13231

In Cacti before 1.2.11, authprofile.php?action=edit allows CSRF for an admin email change...

UBUNTU-CVE-2020-13231

In Cacti before 1.2.11, authprofile.php?action=edit allows CSRF for an admin email change...

Cacti cross-site scripting vulnerability (CNVD-2017-26314)

Cacti is a set of open source network traffic monitoring and analysis tools from the Cacti team. The tool through snmpget to get the data , using RRDtool drawing graphs to analyze , and provide data and user management features . A cross-site scripting vulnerability exists in the authprofile.php...

CVE-2017-11691

Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

DEBIAN-CVE-2017-11691

Cross-site scripting XSS vulnerability in authprofile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...