Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). A vulnerability in versions prior to 1.2.27 bypasses an earlier fix for CVE-2023-39360, therefore leading to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. The impact of the vulnerability is execution of arbitrary JavaScript code in the attacked user's browser. This issue has been patched in version 1.2.27.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-21T23:29:45.134Z
Updated: 2024-06-03T12:54:31.990Z
Reserved: 2023-11-21T18:57:30.428Z
Link: CVE-2023-49086
JSON object: View
NVD Information
Status : Modified
Published: 2023-12-22T00:15:34.857
Modified: 2024-06-10T17:16:15.433
Link: CVE-2023-49086
JSON object: View
Redhat Information
No data.
CWE