CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score: 6.4 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 23.0%)

The cacti:sid library is vulnerable to cross-site scripting (XSS). The vulnerable component is graphs_new.php, through which arbitrary JavaScript code can be executed in the attacked user's browser. This allows an attacker to execute arbitrary JavaScript code and leads to a DOM XSS attack.
github.com/Cacti/cacti/commit/6ec01c8b2983bf4fcb86f8c647655f74090b5be9
github.com/Cacti/cacti/security/advisories/GHSA-wc73-r2vw-59pr
lists.debian.org/debian-lts-announce/2024/03/msg00018.html
lists.fedoraproject.org/archives/list/[email protected]/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/
security-tracker.debian.org/tracker/CVE-2023-49086