Detects a 'Cross-Site Scripting (XSS)' vulnerability in Cacti that affects v. 0.8.7g.


Cacti is a widely-used network monitoring tool that enables network administrators to gain insights into the performance of various network devices and applications. This open-source software provides them with real-time statistics and graphs, helping them to make informed decisions about their network infrastructure. Cacti's user-friendly interface and comprehensive range of features make it a popular choice for organizations of all sizes and industries.

However, like any software, Cacti is not immune to vulnerabilities. One such vulnerability is CVE-2021-26247, a cross-site scripting (XSS) flaw that was discovered in the auth_changepassword.php script. It allows an unauthenticated attacker to inject arbitrary HTML or JavaScript code through the "ref" URL parameter; the injected code then runs in the browser of any user who follows the crafted link.
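A defender can look for attempts against this parameter in web server logs. The following is an added example, not part of the original page or of the scanner it describes: it flags requests to auth_changepassword.php whose "ref" value decodes to HTML markup. It assumes a combined-format access log; the character heuristic and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic: characters needed to break out of an HTML attribute or open a
# tag, which a plain return URL in "ref" has no reason to contain.
MARKUP_RE = re.compile(r'[<>"\'`]|javascript:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ref(log_line):
    """Return the decoded ref value if markup was sent to the script, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.lower().endswith("/auth_changepassword.php"):
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get("ref", []):
        value = fully_decode(raw)  # parse_qs has already decoded once
        if MARKUP_RE.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_ref) for every flagged log line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := suspicious_ref(line))]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2021:10:00:01 +0000] "GET /cacti/auth_changepassword.php?ref=index.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2021:10:02:13 +0000] "GET /cacti/auth_changepassword.php?ref=%22%3E%3Cb%3Eprobe%3C%2Fb%3E HTTP/1.1" 200 2190 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2021:10:02:40 +0000] "GET /cacti/auth_changepassword.php?ref=%253Ci%253Ex%253C%252Fi%253E HTTP/1.1" 200 2175 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Mar/2021:10:05:02 +0000] "GET /cacti/graph_view.php?ref=%3Cb%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE_LOG):
        print(f"line {n}: ref={hit!r}")
```

A hit shows that markup was sent to the script, not that it was rendered unescaped; confirm against the installed Cacti version.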

When this vulnerability is exploited, it can lead to serious consequences for the affected organization. For instance, the attacker may be able to steal sensitive information such as user credentials or access sensitive files or databases. They may also be able to launch further attacks against the organization's network or use the compromised devices as a springboard for attacks against other targets.

In conclusion, it is crucial for organizations that use Cacti to be aware of the CVE-2021-26247 vulnerability and take appropriate precautions to protect against it. Thanks to the pro features of the platform, it is easy for security professionals and network administrators to stay up-to-date with the latest vulnerabilities in their digital assets and take proactive measures to mitigate the risks. By staying vigilant and informed, organizations can keep their networks safe from cyber attacks and ensure their continued success.



