CVE-2023-50250

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 22, 2023
Updated: Dec 29, 2023
CWE ID 79

Summary

CVE-2023-50250 is a reflection cross-site scripting vulnerability found in version 1.2.25 of Cacti, an open source operational monitoring and fault management framework. This vulnerability affects the templates_import.php file, which handles the uploading of XML template files. Attackers can exploit this vulnerability to perform actions on behalf of other users by uploading a malicious XML file that triggers an unfiltered XML file name in a JavaScript pop-up prompt, resulting in XSS. This ability to impersonate users could lead to unauthorized changes to settings. As of now, no patched versions are available for remediation. The vulnerability has a base severity rating of MEDIUM and an exploitability score of 2.8 out of 10, with low impact on integrity and confidentiality, as well as low availability impact.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-50250 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options