CVE-2024-31443

CVSS v3.1 5.7 (Medium)

EPSS 0.04 % (16^th)

Advisories 3

NVD Status Awaiting Analysis

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in form_save() function in data_queries.php is not thoroughly checked and is used to concatenate the HTML statement in grow_right_pane_tree() function from lib/html.php , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

Weaknesses

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE Status: PUBLISHED
NVD Status: Awaiting Analysis
CNA: GitHub, Inc.
Published Date: 2024-05-14 15:25:20
(4 months ago)
Updated Date: 2024-06-10 17:16:25
(3 months ago)