cacti vulnerabilities

Known vulnerabilities in the cacti package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS)	<1.2.26+ds1-1
L Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	<1.2.26+ds1-1
H Arbitrary Code Injection	<1.2.28+ds1-1
M Cross-site Scripting (XSS)	<1.2.28+ds1-1
H Cross-site Scripting (XSS)	<1.2.28+ds1-1
H Cross-site Scripting (XSS)	<1.2.28+ds1-1
H CVE-2024-25641	<1.2.27+ds1-1
M Cross-site Scripting (XSS)	<1.2.27+ds1-1
M Cross-site Scripting (XSS)	<1.2.27+ds1-1
C Insufficient Comparison	<1.2.27+ds1-1
M Cross-site Scripting (XSS)	<1.2.27+ds1-1
H SQL Injection	<1.2.27+ds1-1
H SQL Injection	<1.2.27+ds1-1
H CVE-2024-31459	<1.2.27+ds1-1
M Cross-site Scripting (XSS)	<1.2.27+ds1-1
H SQL Injection	<1.2.27+ds1-1
H SQL Injection	<1.2.26+ds1-1
M Cross-site Scripting (XSS)	<1.2.26+ds1-1
H SQL Injection	<1.2.26+ds1-1
M Cross-site Scripting (XSS)	<1.2.26+ds1-1
H PHP Remote File Inclusion	<1.2.26+ds1-1
M Cross-site Scripting (XSS)	<1.2.26+ds1-1
M SQL Injection	<1.2.26+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Deserialization of Untrusted Data	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M SQL Injection	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Open Redirect	<1.2.25+ds1-1
H SQL Injection	<1.2.25+ds1-1
H Improper Input Validation	<1.2.25+ds1-1
H OS Command Injection	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
C SQL Injection	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
H SQL Injection	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.25+ds1-1
M Cross-site Scripting (XSS)	<1.2.22+ds1-1
L Incorrect Authorization	<1.2.23+ds1-1
M Cross-site Scripting (XSS)	<0.8.7i-1
H Authorization Bypass Through User-Controlled Key	<1.2.6+ds1-1
C OS Command Injection	<1.2.22+ds1-3
C Improper Authentication	<1.2.20+ds1-1
M Cross-site Scripting (XSS)	<0.8.7i-1
M Cross-site Scripting (XSS)	<1.2.1+ds1-1
M Cross-site Scripting (XSS)	<1.2.1+ds1-1
M Cross-site Scripting (XSS)	<1.2.19+ds1-1
M Cross-site Scripting (XSS)	<1.2.13+ds1-1
H SQL Injection	<1.2.16+ds1-2
M Cross-site Scripting (XSS)	<1.2.14+ds1-1
H SQL Injection	<1.2.13+ds1-1
M Cross-site Request Forgery (CSRF)	<1.2.11+ds1-1
M Improper Preservation of Permissions	<1.2.11+ds1-1
H OS Command Injection	<1.2.10+ds1-1
H OS Command Injection	<1.2.9+ds1-1
M Cross-site Scripting (XSS)	<1.2.9+ds1-1
L Improper Input Validation	*
H Out-of-bounds Write	<1.2.8+ds1-1
M SQL Injection	<1.2.8+ds1-1
M Authorization Bypass Through User-Controlled Key	<1.2.7+ds1-1
L Cross-site Scripting (XSS)	<1.2.2+ds1-2
L Cross-site Scripting (XSS)	<1.2.1+ds1-1
L Cross-site Scripting (XSS)	<1.2.1+ds1-1
L Cross-site Scripting (XSS)	<1.2.1+ds1-1
L Cross-site Scripting (XSS)	<1.2.1+ds1-1
L Cross-site Scripting (XSS)	<1.1.37+ds1-1
M Cross-site Scripting (XSS)	<1.1.37+ds1-1
L Cross-site Scripting (XSS)	<1.1.37+ds1-1
H Access Restriction Bypass	<0.8.8h+ds1-5
L Arbitrary Code Injection	<0.8.8e+ds1-1
M Cross-site Scripting (XSS)	<1.1.27+ds1-3
H Exposure of Resource to Wrong Sphere	<1.1.27+ds1-3
M Information Exposure	<1.1.27+ds1-3
H OS Command Injection	<1.1.27+ds1-3
M Cross-site Scripting (XSS)	<1.1.25+ds1-1
M Cross-site Scripting (XSS)	<1.1.18+ds1-1
M Cross-site Scripting (XSS)	<1.1.17+ds1-2
C CVE-2017-12065	<1.1.16+ds1-1
M Cross-site Scripting (XSS)	<1.1.16+ds1-1
M Cross-site Scripting (XSS)	<1.1.15+ds1-1
H SQL Injection	<0.8.8e+ds1-1
M Cross-site Scripting (XSS)	<0.8.8b+dfsg-6
M Cross-site Scripting (XSS)	<1.1.12+ds1-1
M Cross-site Scripting (XSS)	<1.1.12+ds1-1
H Access Restriction Bypass	<0.8.8g+ds1-1
H SQL Injection	<0.8.8g+ds1-2
H SQL Injection	<0.8.8f+ds1-4
H SQL Injection	<0.8.8h+ds1-1
H SQL Injection	<0.8.8f+ds1-3
M SQL Injection	<0.8.8f+ds1-4
H SQL Injection	<0.8.8e+ds1-1
M Cross-site Scripting (XSS)	<0.8.8d+ds1-1
M Cross-site Scripting (XSS)	<0.8.8d+ds1-1
H SQL Injection	<0.8.8d+ds1-1
H SQL Injection	<0.8.8d+ds1-1
M SQL Injection	<0.8.6f-1
L Cross-site Scripting (XSS)	<0.8.8b+dfsg-7
L Cross-site Scripting (XSS)	<0.8.8b+dfsg-7
H Arbitrary Code Injection	<0.8.8b+dfsg-8
H SQL Injection	<0.8.8b+dfsg-8
M Cross-site Scripting (XSS)	<0.8.8b+dfsg-6
M CVE-2014-2328	<0.8.8b+dfsg-4
H CVE-2014-2709	<0.8.8b+dfsg-4
M Cross-site Request Forgery (CSRF)	<0.8.8b+dfsg-6
H SQL Injection	<0.8.8b+dfsg-4
M Cross-site Scripting (XSS)	<0.8.8b+dfsg-4
M Cross-site Scripting (XSS)	<0.8.8b+dfsg-3
H SQL Injection	<0.8.8b+dfsg-3
H SQL Injection	<0.8.8b+dfsg-1
H Arbitrary Code Injection	<0.8.8b+dfsg-1
L Cross-site Scripting (XSS)	<0.8.7i-1
H SQL Injection	<0.8.7i-1
M Cross-site Scripting (XSS)	<0.8.7g-1
M Cross-site Scripting (XSS)	<0.8.7g-1
M Cross-site Scripting (XSS)	<0.8.7g-1
M Improper Input Validation	<0.8.7g-1
M Cross-site Scripting (XSS)	<0.8.7g-1
H SQL Injection	<0.8.7e-4
H SQL Injection	<0.8.7e-3
L Access Restriction Bypass	<1.2.1+ds1-1
L Cross-site Scripting (XSS)	<0.8.7e-1.1
L Cross-site Scripting (XSS)	<0.8.7b-1
M Arbitrary Code Injection	<0.8.7b-1
L SQL Injection	<0.8.7b-1
L Information Exposure	<0.8.7b-1
M SQL Injection	<0.8.7a-1
L CVE-2007-3113	<0.8.6j-1.1
L CVE-2007-3112	<0.8.6j-1.1
H CVE-2006-6799	<0.8.6i-3
M Cross-site Scripting (XSS)	<0.8.6d-1
M CVE-2006-0410	<0.8.6d-1
M CVE-2006-0147	<0.8.6d-1
M SQL Injection	<0.8.6d-1
H CVE-2005-2148	<0.8.6f-1
H CVE-2005-2149	<0.8.6f-1
H CVE-2005-1524	<0.8.6e-1
H CVE-2005-1526	<0.8.6e-1
H CVE-2005-1525	<0.8.6e-1
M CVE-2004-1736	<0.8.5a-5
H CVE-2004-1737	<0.8.5a-5
M CVE-2002-1479	<0.6.8-1
H CVE-2002-1477	<0.6.8a-2
C CVE-2002-1478	<0.6.8a-2

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

<1.2.26+ds1-1

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

<1.2.26+ds1-1

Arbitrary Code Injection

<1.2.28+ds1-1

Cross-site Scripting (XSS)

<1.2.28+ds1-1

Cross-site Scripting (XSS)

<1.2.28+ds1-1