1. Home
  2. Vulnerabilities
  3. CVE-2023-39360

CVE-2023-39360

CVSS v3.1 6.1 (Medium)
61% Progress
EPSS 0.08 % (35th)
0.08% Progress
Affected Products 2
Advisories 6
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in graphs_new.php. Several validations are performed, but the returnto parameter is directly passed to form_save_button. In order to bypass this validation, returnto must contain host.php. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
CVE Status
PUBLISHED
CNA
GitHub, Inc.
Published Date
2023-09-05 21:15:46
(12 months ago)
Updated Date
2024-03-18 20:15:07
(6 months ago)

Affected Products

Cacti

Fedoraproject

Configuration #1

    CPE23 From Up To
  Cacti 1.2.24 cpe:2.3:a:cacti:cacti:1.2.24

Configuration #2

    CPE23 From Up To
  Fedoraproject Fedora 37 cpe:2.3:o:fedoraproject:fedora:37
  Fedoraproject Fedora 38 cpe:2.3:o:fedoraproject:fedora:38