CVE-2024-31443

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

CVSS v3 5.7 MEDIUM

5.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf	Patch
https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3	Exploit Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/	Product
https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf	Patch
https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3	Exploit Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*

History

18 Dec 2024, 18:28

Type	Values Removed	Values Added
References	~~() https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf -~~	() https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf - Patch
References	~~() https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 -~~	() https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 - Exploit, Vendor Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ - Product
First Time		Fedoraproject fedora Cacti Cacti cacti Fedoraproject
CPE		cpe:2.3:a:cacti:cacti:::::::: cpe:2.3:o:fedoraproject:fedora:39:::::::*

21 Nov 2024, 09:13

Type	Values Removed	Values Added
References	~~() https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf -~~	() https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf -
References	~~() https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 -~~	() https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3 -
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -

10 Jun 2024, 17:16

Type	Values Removed	Values Added
Summary		(es) Cacti proporciona un framework de monitoreo operativo y gestión de fallas. Antes de 1.2.27, algunos de los datos almacenados en la función `form_save()` en `data_queries.php` no se verifican minuciosamente y se usan para concatenar la declaración HTML en la función `grow_right_pane_tree()` de `lib/html.php `, lo que finalmente resulta en Cross Site Scripting. La versión 1.2.27 contiene un parche para el problema.
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -

14 May 2024, 15:25

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:25

Updated : 2024-12-18 18:28

NVD link : CVE-2024-31443

Mitre link : CVE-2024-31443

CVE.ORG link : CVE-2024-31443

JSON object : View

Products Affected

fedoraproject

fedora

cacti

cacti

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

5.7 /10