Published: 22/12/2023 Updated: 18/03/2024

CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3

VMScore: 0

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. Impact of the vulnerability - execution of arbitrary javascript code in the attacked user's browser. This issue has been patched in version 1.2.26.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti 1.2.25

Debian Bug report logs - #1059254 cacti: CVE-2023-49084 CVE-2023-49086 Package: src:cacti; Maintainer for src:cacti is Cacti Maintainer <pkg-cacti-maint@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 08:42:02 UTC Severity: grave Tags: security, upstream Found in ver ...

CWE-79 https://github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059254 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-49086

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect