Stored cross-site-scripting (XSS) vulnerability in Cacti - CVE-2023-39514
ID: oval:org.secpod.oval:def:93933 | Date: (C)2023-10-20 (M)2023-12-11 |
Class: VULNERABILITY | Family: windows |
The host has Cacti before 1.2.25 installed and is prone to a stored cross-site-scripting (XSS) vulnerability. The flaw is in the application's handling of stored names: it fails to handle a data-source template with malicious code appended to the data-source name, or a device with a malicious payload injected into the device name. Successful exploitation allows an authenticated attacker to poison data stored in the Cacti database; when administrative Cacti accounts view that data, JavaScript code executes in the victim's browser at view time.
Platform: |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows 11 |
Microsoft Windows Server 2022 |