CVE-2026-39900
MEDIUM NVDCVSS Score
6.1
Severity
MEDIUM
Source
NVD
Published
Jun 24, 2026
Description
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.