CVE-2023-39513
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Summary
CVE-2023-39513 is a stored Cross-Site-Scripting (XSS) vulnerability affecting Cacti, an open-source operational monitoring framework. The issue allows authenticated users with specific privileges to inject malicious JavaScript code into the _cacti_ database. This code can be executed in the victim's browser when viewing data on affected administrative accounts. The vulnerability was found in the host.php file, which is used to manage and monitor hosts in the _cacti_ application. An attacker can exploit this vulnerability by configuring a data-query template with malicious code, which is then displayed when a verbose data query is requested from a device's management page. Users with the _Template Editor>Data Queries_ permissions can configure these templates. This vulnerability has been addressed in version 1.2.25. It is strongly recommended that users upgrade as soon as possible or manually filter HTML output as a temporary measure.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Cacti
- Cacti Cacti
- Fedora Operating System
Affected Vendors
- Fedora Project
- Cacti
Advisories, Assessments, and Mitigations
Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future
- Gain complete coverage of your cyber, third party, and physical attack surface
- Proactively mitigate threats before they turn into costly attacks
- Make fast, effective, data-driven decisions