CVE-2021-3816: XSS
First published: Wed Jan 19 2022(Updated: )
Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti Cacti | =1.1.38 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3816?
CVE-2021-3816 is a vulnerability in Cacti version 1.1.38 that allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via the "Copy" method at user_group_admin.php.
How can the CVE-2021-3816 vulnerability be exploited?
The CVE-2021-3816 vulnerability can be exploited by authenticated users with User Management permissions who inject arbitrary HTML in the group_prefix field during the creation of a new group via the "Copy" method at user_group_admin.php.
What is the severity of CVE-2021-3816?
CVE-2021-3816 has a severity rating of medium with a CVSS score of 5.4.
What can an attacker do with this vulnerability?
An attacker with the CVE-2021-3816 vulnerability can inject arbitrary HTML in the group_prefix field, which can potentially lead to cross-site scripting (XSS) attacks and manipulation of the group creation process.
How can I mitigate the CVE-2021-3816 vulnerability?
To mitigate the CVE-2021-3816 vulnerability, it is recommended to update Cacti to a version that includes the fix for the vulnerability.
- collector/nvd-index
- vendor/cacti
- canonical/cacti cacti
- version/cacti cacti/1.1.38