5 matches found
CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
CVE-2022-48547
A reflected cross-site scripting XSS vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at authchangepassword.php...
CVE-2022-48547
CVE-2022-48547 is a reflected XSS vulnerability in Cacti versions up to 0.8.7g, allowing unauthenticated remote attackers to inject arbitrary script/HTML into the ref parameter of auth_changepassword.php. The issue is documented across multiple sources (NVD, OSV, Nessus/NASL) with the affected so...
CVE-2021-26247
CVE-2021-26247 affects Cacti. The vulnerability is a stored/reflected cross-site scripting in the auth_changepassword.php endpoint, where an unauthenticated remote user can supply a ref parameter containing a script tag to execute JavaScript in a victim’s browser. Impact described includes arbitr...