Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.
References
Link | Resource |
---|---|
https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf | Exploit Third Party Advisory |
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 | Exploit Vendor Advisory |
Configurations
History
29 Dec 2023, 06:23
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
References | () https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf - Exploit, Third Party Advisory | |
References | () https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 - Exploit, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
First Time |
Cacti
Cacti cacti |
|
Summary |
|
|
CPE | cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:* |
24 Dec 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Dec 2023, 11:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-22 11:15
Updated : 2023-12-29 06:23
NVD link : CVE-2023-50569
Mitre link : CVE-2023-50569
CVE.ORG link : CVE-2023-50569
JSON object : View
Products Affected
cacti
- cacti
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')