CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-23225

Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.007

EPSS Ranking 70.0%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
https://www.cacti.net/info/changelog
https://lists.debian.org/debian-lts-announce/2022/03/msg00038.html
https://www.cacti.net/info/changelog

Products affected by CVE-2021-23225

Cacti » Cacti » Version: 1.1.38

cpe:2.3:a:cacti:cacti:1.1.38
Debian » Debian Linux » Version: 9.0

cpe:2.3:o:debian:debian_linux:9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-23225

Products

Pricing

Contact Us