Advisory ROSA-SA-2024-2535

software: cacti 1.2.25 AXIS: ROSA-CHROME packageevrstring: cacti-1.2.25-2 CVE-ID: CVE-2023-46490 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A SQL injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the formactions function in managers.php. CVE-STATU...

UBUNTU-CVE-2023-50569

Reflected Cross Site Scripting XSS vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templatesimport.php...

PT-2023-8110 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.25 Description: The issue is related to insufficient protection of the web page structure in the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks and gain unauthorized acce...

CVE-2023-39357

Cacti is an open source operational monitoring and fault management framework. A defect in the sqlsave function was discovered. When the column type is numeric, the sqlsave function directly utilizes user input. Many files and functions calling the sqlsave function do not perform prior validation...

CVE-2023-39516 Stored Cross-Site-Scripting on data_sources.php debug html-block in Cacti

Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting XSS Vulnerability which allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti...