CVE-2024-31443
CVSS v3.1
5.7 (Medium)
EPSS
0.04 % (16th)
Advisories
3
NVD Status
Awaiting Analysis
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save()
function in data_queries.php
is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree()
function from lib/html.php
, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- NVD Status
- Awaiting Analysis
- CNA
- GitHub, Inc.
- Published Date
-
2024-05-14 15:25:20
(4 months ago) - Updated Date
-
2024-06-10 17:16:25
(3 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...