[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-45160/cacti

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sun Feb 1 07:36:07 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a827e6d7 by Salvatore Bonaccorso at 2026-02-01T08:35:34+01:00
Update status for CVE-2025-45160/cacti

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -616,12 +616,13 @@ CVE-2025-63649 (An out-of-bounds read in the http_parser_transfer_encoding_chunk
 CVE-2025-62514 (Parsec is a cloud-based application for cryptographically secure file  ...)
 	NOT-FOR-US: Parsec
 CVE-2025-45160 (A HTML injection vulnerability exists in the file upload functionality ...)
-	- cacti <unfixed>
-	[trixie] - cacti <no-dsa> (Minor issue)
-	[bookworm] - cacti <no-dsa> (Minor issue)
+	- cacti 1.2.27+ds1-1
+	[bookworm] - cacti 1.2.24+ds1-1+deb12u3
 	[bullseye] - cacti <postponed> (Minor issue, reflected XSS, no JavaScript)
 	NOTE: https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32
-	TODO: check if reported upstream
+	NOTE: Upstream confirmed it is covered/fixed with same fixes for CVE-2023-50250 and
+	NOTE: the followup CVE-2024-29894. Consider it as fixed with the update including
+	NOTE: both updates.
 CVE-2025-15550 (birkir prime <= 0.4.0.beta.0 contains a cross-site request forgery vul ...)
 	NOT-FOR-US: birkir prime
 CVE-2025-15549 (FluentCMS 2026 contains a stored cross-site scripting vulnerability th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a827e6d7bb94f80bd0266fbfb79c5510fa387c90

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a827e6d7bb94f80bd0266fbfb79c5510fa387c90
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260201/65e04d01/attachment.htm>

More information about the debian-security-tracker-commits mailing list