\" to successfully execute the JavaScript payload present in the \"ref\" URL parameter.", "datePublished": "2022-01-19T20:38:53Z", "dateModified": "2024-08-03T20:19:20Z", "keywords": "CVE-2021-26247, vulnerability, CVE, security, Cacti, n/a", "about": { "@type": "SoftwareApplication", "name": "Cacti", "applicationCategory": "SecurityApplication", "operatingSystem": "All" } }

What the vulnerability does

01Description

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

Key dates

02Disclosure timeline

January 19, 2022 CVE published
August 3, 2024 Record updated