CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE
Vector String: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

EPSS
Percentile: 33.6%
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in Cacti's database. This data is later viewed by administrative Cacti accounts and executes JavaScript code in the victim's browser at view-time. The reports_admin.php script displays reporting information about graphs, devices, data sources etc. CENSUS found that an adversary who is able to configure a malicious device name can deploy a stored XSS attack against any user of the same (or broader) privileges. A user that possesses the General Administration > Sites/Devices/Data permissions can configure device names in Cacti. This configuration occurs through http://<HOST>/cacti/host.php, while the rendered malicious payload is exhibited at http://<HOST>/cacti/reports_admin.php when a graph with the maliciously altered device name is linked to the report. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
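The following is an added example, not Cacti project code, illustrating the "filter HTML output" mitigation the advisory recommends: the unsafe rendering pattern beside its output-encoded counterpart, plus an audit helper for finding already-poisoned device names. The host.description column name and the sample rows are assumptions.

```php
<?php
// Added example (not Cacti project code). Assumption: device names are
// stored in a column like host.description; the rows below are constructed
// sample data, not taken from a real Cacti database.

// Unsafe: the stored device name is written straight into the HTML cell,
// so markup saved via host.php is rendered as-is in reports_admin.php.
function render_device_cell_unsafe(string $device_name): string {
    return '<td>' . $device_name . '</td>';
}

// Hardened: encode the value on output. ENT_QUOTES also encodes single
// quotes, so the value is safe inside attribute values as well as text.
function render_device_cell_safe(string $device_name): string {
    return '<td>' . htmlspecialchars($device_name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

// Audit helper: flag stored device names containing characters an operator
// would not expect in a legitimate name. Run it after upgrading to 1.2.25
// (or while filtering output) to locate rows that were poisoned earlier.
function find_suspicious_device_names(array $rows): array {
    $flagged = [];
    foreach ($rows as $row) {
        $name = $row['description'];
        if (preg_match('/[<>"\']|javascript:/i', $name)) {
            $flagged[] = ['id' => $row['id'], 'description' => $name];
        }
    }
    return $flagged;
}

// Constructed rows standing in for: SELECT id, description FROM host
$sample_rows = [
    ['id' => 1, 'description' => 'core-router-01'],
    ['id' => 2, 'description' => 'edge <b>switch</b>'],
    ['id' => 3, 'description' => 'nas "backup" host'],
];

foreach ($sample_rows as $row) {
    // The safe renderer turns <b> into &lt;b&gt; and " into &quot;.
    echo render_device_cell_safe($row['description']), PHP_EOL;
}
// Expected to flag ids 2 and 3 but not id 1.
print_r(find_suspicious_device_names($sample_rows));
```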