CVE-2021-3816

Name of the Vulnerable Software and Affected Versions Cacti version 1.1.38

Description The issue allows authenticated users with User Management permissions to inject arbitrary HTML in the group prefix field during the creation of a new group via the "Copy" method at the "user group admin.php" endpoint. This can be exploited by users with specific permissions, potentially leading to security issues.

Recommendations For Cacti version 1.1.38, consider restricting access to the "Copy" method in the "user group admin.php" endpoint to prevent arbitrary HTML injection in the group prefix field until a patch is available. As a temporary workaround, limit the permissions of users with User Management access to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.