Metrics
Affected Vendors & Products
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Fri, 11 Jul 2025 13:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
epss
|
epss
|
Tue, 08 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Cacti
Cacti cacti |
|
CPEs | cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* | |
Vendors & Products |
Cacti
Cacti cacti |
|
Metrics |
ssvc
|
Mon, 07 Oct 2024 20:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Cacti is an open source performance and fault management framework. The `fileurl` parameter is not properly sanitized when saving external links in `links.php` . Morever, the said fileurl is placed in some html code which is passed to the `print` function in `link.php` and `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the `fileurl` parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this issue. | |
Title | Stored Cross-site Scripting (XSS) when creating external links in Cacti | |
Weaknesses | CWE-79 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-10-08T13:53:28.987Z
Reserved: 2024-08-09T14:23:55.512Z
Link: CVE-2024-43362

Updated: 2024-10-08T13:08:16.556Z

Status : Analyzed
Published: 2024-10-07T21:15:15.470
Modified: 2024-10-17T18:14:33.337
Link: CVE-2024-43362

No data.

No data.