CVSS 3.1 Score 6.1 of 10 (medium)


Published Sep 5, 2023
Updated: Nov 9, 2023


CVE-2023-39512 is a vulnerability in Cacti, an open-source operational monitoring and fault management framework. Classified as a Stored Cross-Site Scripting (XSS) issue, it affects various versions of Cacti. An authenticated user can exploit it to inject malicious JavaScript code into Cacti's database, which is then executed in the browser of an administrative Cacti account. The attack works by manipulating device names, which are configured by users with General Administration permissions. The affected products include g0b1tn, g0b1tm, g0b1tl, and others. To remediate this vulnerability, users should apply the latest updates and patches provided by Cacti. The danger of this vulnerability lies in its ability to compromise data integrity and confidentiality within an organization's Cacti environment.
