CVE-2026-39900

N/A Unknown
Published: June 24, 2026 Modified: June 24, 2026
View on NVD

Description

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/Cacti/cacti/commit/891344a5c10b8687a3d2a5d26e6de20f13069e2a
Source: security-advisories@github.com
https://github.com/Cacti/cacti/security/advisories/GHSA-34rf-frc3-v48r
Source: security-advisories@github.com

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2026-39955 9.8
CVE-2026-39948 N/A
CVE-2026-39938 9.8
CVE-2026-39899 N/A
CVE-2025-8106 N/A