Cross-Site Scripting

Cacti is vulnerable to Cross-site scripting. The vulnerability is due to insufficient data validation in the formsave function in dataqueries.php, which is used to concatenate the HTML statement in the growrightpanetree function from html.php...

CVE-2024-31443 Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...

CVE-2024-31443 Cacti XSS vulnerability in lib/html_tree.php by reading dirty data stored in database

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in formsave function in dataqueries.php is not thoroughly checked and is used to concatenate the HTML statement in growrightpanetree function from lib/html.php , finally resulting in...

Cacti < 1.2.13 XSS Vulnerability - Linux

Cacti is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

CVE-2020-23226

Multiple Cross Site Scripting XSS vulneratiblities exist in Cacti 1.2.12 in 1 reportsadmin.php, 2 dataqueries.php, 3 datainput.php, 4 graphtemplates.php, 5 graphs.php, 6 reportsadmin.php, and 7 datainput.php...

CVE-2020-23226

CVE-2020-23226 is documented across multiple feeds as a set of Cross Site Scripting (XSS) vulnerabilities in Cacti 1.2.12 . The affected components include (1) reports_admin.php, (2) data_queries.php, (3) data_input.php, (4) graph_templates.php, (5) graphs.php, and (6) data_input.php (noting dupl...

CVE-2014-4002

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php, 8 host.php, or...

CVE-2010-2545

Cacti before 0.8.7g contains multiple XSS vulnerabilities (including CVE-2010-2545) in various templates and admin paths. The GLSA notes remote script injection and the need to upgrade to the 0.8.8+ series as remediation; affected vectors include template name and numerous PHP/graph-related compo...