Netniv

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue is related to Cacti, an open source operational monitoring and fault management framework. It involves problems with Regular Expression validation combined with the external links feature, which can lead to limited SQL Injections and subsequent data leakage. This can allow a remote attacker to execute arbitrary SQL queries. **Recommendations** For versions prior to 1.2.25, users are advised to upgrade to version 1.2.25 or later to address the issue. As a temporary workaround, consider restricting access to the external links feature until the upgrade is applied. There are no known workarounds for this issue other than upgrading.

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.27 Description: Cacti provides an operational monitoring and fault management framework. The issue arises from the `form save()` function in `data queries.php`, where some stored data is not thoroughly checked and is used to concatenate the HTML statement in the `grow right pane tree()` function from `lib/html.php`, resulting in cross-site scripting. Recommendations: For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue. As a temporary workaround, consider disabling the `form save()` function in `data queries.php` until a patch is available. Restrict access to the `grow right pane tree()` function from `lib/html.php` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.18 **Description** The issue allows remote attackers to trigger XSS via template import for the midwinter theme. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 1.2.18, update to version 1.2.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the template import feature for the midwinter theme until a patch is applied.