Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php.
References
Link | Resource |
---|---|
https://www.cacti.net/info/changelog | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-01-19T20:38:50
Updated: 2022-01-19T20:38:50
Reserved: 2021-09-17T00:00:00
Link: CVE-2021-3816
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-19T21:15:08.497
Modified: 2022-01-25T16:19:11.950
Link: CVE-2021-3816
JSON object: View
Redhat Information
No data.
CWE