1. Home
  2. Vulnerabilities
  3. CVE-2023-50250

CVE-2023-50250

CVSS v3.1 6.1 (Medium)
61% Progress
EPSS 0.05 % (21th)
0.05% Progress
Affected Products 1
Advisories 3
NVD Status Modified
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in templates_import.php. When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

Weaknesses
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Related CVEs
CVE Status
PUBLISHED
NVD Status
Modified
CNA
GitHub, Inc.
Published Date
2023-12-22 17:15:09
(9 months ago)
Updated Date
2024-06-10 17:16:15
(3 months ago)

Affected Products

Cacti

Configuration #1

    CPE23 From Up To
  Cacti 1.2.25 cpe:2.3:a:cacti:cacti:1.2.25