CVE-2021-23225: XSS
First published: Wed Jan 19 2022(Updated: )
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | =1.1.38 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-23225?
CVE-2021-23225 is a vulnerability in Cacti 1.1.38 that allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php.
How does CVE-2021-23225 affect Cacti?
CVE-2021-23225 affects Cacti 1.1.38 installations where authenticated users with User Management permissions can inject arbitrary web script or HTML in the "new_username" field when creating a new user via the "Copy" method at user_admin.php.
What is the severity of CVE-2021-23225?
CVE-2021-23225 has a severity rating of 5.4 (Medium).
How can I fix CVE-2021-23225 in Cacti?
To fix CVE-2021-23225 in Cacti, update to version 1.1.39 or apply the necessary patches provided by the vendor.
What is CWE-79?
CWE-79 is a common weakness enumeration category for Improper Neutralization of Input During Web Page Generation (Cross-site Scripting).
- collector/nvd-index
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.1.38
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0