Cacti is an open source operational monitoring and fault management framework. A reflected cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php`. When an XML template file is uploaded and does not pass the check, the server responds with a JavaScript pop-up prompt that contains the unfiltered XML template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.
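The flaw described above comes down to a client-supplied file name being placed inside a JavaScript string without output encoding. The following is an added example, not Cacti's code: the function names, message text and sample file name are hypothetical, and it contrasts raw concatenation with encoding suited to a string literal inside an HTML script block.

```php
<?php
// Added illustration; NOT Cacti source code. All names here are hypothetical.

// "Before": the uploaded file's client-supplied name is concatenated straight
// into a JavaScript string literal, so quotes or tags in it change the script.
function import_error_popup_unsafe(string $uploadName): string
{
    return "<script>alert('Error: XML file " . $uploadName
         . " failed validation');</script>";
}

// "After": keep only the base name, then encode the whole message as a
// JavaScript string that is also safe inside an HTML <script> element.
function import_error_popup_safe(string $uploadName): string
{
    // Drop any directory part the client sent (both separator styles).
    $name = basename(str_replace('\\', '/', $uploadName));
    $message = 'Error: XML file ' . $name . ' failed validation';

    // JSON_HEX_* turns < > & ' " into \uXXXX escapes, so the value cannot
    // close the string literal or the surrounding <script> element.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE;
    $literal = json_encode($message, $flags);
    if ($literal === false) {
        // Encoding failed: fall back to a fixed message without the name.
        $literal = '"Error: XML import failed validation"';
    }
    return '<script>alert(' . $literal . ');</script>';
}

// Constructed sample name containing the characters that matter here.
$sample = "o'reilly <template>.xml";

echo import_error_popup_unsafe($sample), PHP_EOL; // quote ends the literal early
echo import_error_popup_safe($sample), PHP_EOL;   // metacharacters are escaped
```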
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-12-22T16:39:47.736Z
Updated: 2023-12-22T16:39:47.736Z
Reserved: 2023-12-05T20:42:59.377Z
Link: CVE-2023-50250
NVD Information
Status: Modified
Published: 2023-12-22T17:15:09.127
Modified: 2024-06-10T17:16:15.830
Link: CVE-2023-50250
Redhat Information
No data.