Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-49088

Published: 22/12/2023 Updated: 18/03/2024
CVSS v3 Base Score: 4.8 | Impact Score: 2.7 | Exploitability Score: 1.7
VMScore: 0
Subscribe to Cacti

Vulnerability Summary

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.

Vulnerable Product Search on Vulmon Subscribe to Product

cacti cacti

References

CWE-79https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4xhttps://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4hhttps://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.phphttps://lists.debian.org/debian-lts-announce/2024/03/msg00018.htmlhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook