2 matches found
DEBIAN-CVE-2026-39900
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to reflected XSS via the tab parameter in the authprofile.php JavaScript context. This issue has been fixed in version 1.2.31...
CVE-2020-13231
CVE-2020-13231 affects Cacti prior to 1.2.11, where auth_profile.php?action=edit permits CSRF to change an admin email. The root cause is improper CSRF protection in the affected admin profile edit flow, enabling an attacker to trigger an admin email change without authentication. Impacts include...