Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
2022-01-19T21:15:08.087
2024-11-21T05:51:24.213
Modified
CVSSv3.1: 5.4 (MEDIUM)
AV:N/AC:M/Au:S/C:N/I:P/A:N
6.8
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | cacti | cacti | 1.1.38 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |