CVE-2023-39360
CVSS v3.1
6.1 (Medium)
EPSS
0.08 % (35th)
Affected Products
2
Advisories
6
Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in graphs_new.php
. Several validations are performed, but the returnto
parameter is directly passed to form_save_button
. In order to bypass this validation, returnto must contain host.php
. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2023-09-05 21:15:46
(12 months ago) - Updated Date
-
2024-03-18 20:15:07
(6 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...