XSS in Cacti

CVE-2026-39897

Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Cacti — versions < 1.2.31

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_CONFIRM)