CVE-2026-39900— Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-39900
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cacti: Reflected XSS via tab parameter in auth_profile.php JavaScript context
Source: NVD (National Vulnerability Database)
Vulnerability Description
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-39900
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-39900
请登录查看更多情报信息。
Other References for CVE-2026-39900 (2)
Same Patch Batch · Cacti · 2026-06-24 · 10 CVEs total
| CVE-2026-39955 | 9.8 CRITICAL | Cacti has Pre-Authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph |
| CVE-2026-39893 | 9.8 CRITICAL | Cacti: Pre-authentication SQL injection via rfilter RLIKE clause in graph_view.php |
| CVE-2026-39938 | 9.8 CRITICAL | Cacti: Unauthenticated RCE on Graph Image |
| CVE-2026-39951 | 7.6 HIGH | Cacti: Stored SQL Injection via graph_name_regexp in Reports feature |
| CVE-2026-39894 | 2.9 LOW | Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting |
| CVE-2026-39897 | Cacti has a Reflected XSS Vulnerability via html_auth_footer | |
| CVE-2026-39948 | Cacti has SQL Injection via rfilter parameter in RLIKE clauses | |
| CVE-2026-39899 | Cacti: Path Traversal via filename parameter in package_import.php | |
| CVE-2026-40079 | Cacti: Command Injection via escape_command() no-op in RRDtool execution |
IV. Related Vulnerabilities
Same product: cacti
- CVE-2026-40941
Cacti: Package Import Signature Validation Bypass Allows Sel - CVE-2026-40084
Cacti: Arbitrary File Read via Path Traversal in Report `for - CVE-2026-40083
Cacti: SQL Injection in managers.php - CVE-2026-40082
Cacti: Session Fixation via missing session_regenerate_id() - CVE-2026-40080
Cacti: Open Redirect via HTTP_REFERER substring check in aut
Same vendor: Cacti
- CVE-2026-40941
Cacti: Package Import Signature Validation Bypass Allows Sel - CVE-2026-40084
Cacti: Arbitrary File Read via Path Traversal in Report `for - CVE-2026-40083
Cacti: SQL Injection in managers.php - CVE-2026-40082
Cacti: Session Fixation via missing session_regenerate_id() - CVE-2026-40080
Cacti: Open Redirect via HTTP_REFERER substring check in aut
Same weakness: CWE-79
- CVE-2026-57656
WordPress Hester Core plugin <= 1.1.8 - Cross Site Scripting - CVE-2026-57651
WordPress Ghost Kit plugin <= 3.6.0 - Cross Site Scripting ( - CVE-2026-57650
WordPress Magazine Blocks plugin <= 1.8.3 - Cross Site Scrip - CVE-2026-57638
WordPress Fluent Booking plugin <= 2.1.0 - Cross Site Script - CVE-2026-57629
WordPress StatCounter plugin <= 2.1.1 - Cross Site Scripting
V. Comments for CVE-2026-39900
No comments yet