\" to successfully execute the JavaScript payload present in the \"ref\" URL parameter... CVSS 6.1 MEDIUM.", "author": {"@type": "Organization", "name": "White Hats Nepal"}, "publisher": {"@id": "https://blog.pentestnepal.tech/#organization"}, "datePublished": "2022-01-19", "dateModified": "2024-11-21", "mainEntityOfPage": "https://blog.pentestnepal.tech/cve/cve-2021-26247/", "inLanguage": "en"}, {"@type": "FAQPage", "mainEntity": [{"@type": "Question", "name": "What is CVE-2021-26247?", "acceptedAnswer": {"@type": "Answer", "text": "CVE-2021-26247 is a vulnerability with a CVSS score of 6.1 (MEDIUM). As an unauthenticated remote user, visit \"http:///auth_changepassword.php?ref=\" to successfully execute the JavaScript payload present in the \"ref\" URL parameter..."}}, {"@type": "Question", "name": "How severe is CVE-2021-26247?", "acceptedAnswer": {"@type": "Answer", "text": "CVE-2021-26247 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown."}}, {"@type": "Question", "name": "Is there a patch for CVE-2021-26247?", "acceptedAnswer": {"@type": "Answer", "text": "Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti."}}]}]}
  1. Home
  2. CVE Database
  3. CVE-2021-26247
MEDIUM · 6.1

CVE-2021-26247

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter...

Vulnerability Description

As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CactiCacti0.8.7g

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-26247?

CVE-2021-26247 is a vulnerability with a CVSS score of 6.1 (MEDIUM). As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter...

How severe is CVE-2021-26247?

CVE-2021-26247 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-26247?

Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.