Lucene search

Cacti

20 matches found

Added 2019/09/23 3:15 p.m., 162 views

CVE-2019-16723

In Cacti through 1.2.6, authenticated users may bypass authorization checks (for viewing a graph) via a direct graph_json.php request with a modified local_graph_id parameter.

CVSS 4.3 | AI score 5.6 | EPSS 0.00205

Added 2019/01/16 4:29 p.m., 137 views

CVE-2018-20723

A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.

CVSS 4.8 | AI score 5.8 | EPSS 0.00526

Added 2019/01/16 4:29 p.m., 136 views

CVE-2018-20724

A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.

CVSS 4.8 | AI score 5.8 | EPSS 0.00618

Added 2019/01/16 4:29 p.m., 134 views

CVE-2018-20725

A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.

CVSS 4.8 | AI score 5.8 | EPSS 0.00526

Added 2023/09/05 10:15 p.m., 94 views

CVE-2023-30534

Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible an...

CVSS 4.3 | AI score 6.8 | EPSS 0.38717

Added 2009/11/29 1:7 p.m., 72 views

CVE-2009-4032

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or...

CVSS 4.3 | AI score 5.4 | EPSS 0.06761

Added 2014/03/27 4:55 p.m., 67 views

CVE-2014-2326

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3 | AI score 5.4 | EPSS 0.01268

Added 2010/08/23 10:0 p.m., 64 views

CVE-2010-1644

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_i...

CVSS 4.3 | AI score 5.5 | EPSS 0.02027

Added 2020/05/20 2:15 p.m., 64 views

CVE-2020-13230

In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs).

CVSS 4.3 | AI score 5.1 | EPSS 0.00799

Added 2010/08/23 10:0 p.m., 63 views

CVE-2010-2545

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow r...

CVSS 4.3 | AI score 5.2 | EPSS 0.01348

Added 2010/08/23 10:0 p.m., 61 views

CVE-2010-2544

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

CVSS 4.3 | AI score 5.5 | EPSS 0.06007

Added 2013/08/29 12:7 p.m., 58 views

CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

CVSS 4.3 | AI score 7.5 | EPSS 0.00329

Added 2014/07/03 2:55 p.m., 58 views

CVE-2014-4002

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs...

CVSS 4.3 | AI score 7.5 | EPSS 0.00431

Added 2015/06/17 6:59 p.m., 58 views

CVE-2015-2665

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3 | AI score 7 | EPSS 0.00432

Added 2010/08/23 10:0 p.m., 53 views

CVE-2010-2543

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

CVSS 4.3 | AI score 5.5 | EPSS 0.06761

Added 2008/02/14 11:0 p.m., 51 views

CVE-2008-0783

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navig...

CVSS 4.3 | AI score 5.5 | EPSS 0.03843

Added 2015/07/10 3:59 p.m., 46 views

CVE-2015-2967

Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 4.3 | AI score 5.5 | EPSS 0.0032

Added 2017/11/08 5:29 a.m., 46 views

CVE-2017-16661

Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.

CVSS 4.9 | AI score 5.5 | EPSS 0.00181

Added 2008/02/14 11:0 p.m., 37 views

CVE-2008-0786

CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k, when running on older PHP interpreters, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

CVSS 4.3 | AI score 6.7 | EPSS 0.01014

Added 2012/10/25 5:55 p.m., 30 views

CVE-2011-5223

Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS 4.3 | AI score 7.2 | EPSS 0.00537