Vissamoutafis

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue is related to a Stored Cross-Site-Scripting (XSS) vulnerability, which allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative Cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `reports admin.php` displays reporting information about graphs, devices, data sources, etc. An adversary can deploy a stored XSS attack against any super user who has privileges of viewing the `reports admin.php` page by configuring a malicious device name related to a graph attached to a report. This configuration occurs through `http://<HOST>/cacti/host.php`, while the rendered malicious payload is exhibited at `http://<HOST>/cacti/reports admin.php` when a graph with the maliciously altered device name is linked to the report. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to address the issue. As a temporary workaround for users unable to upgrade, manually filter HTML output. Restrict access to the `reports admin.php` page to minimize the risk of exploitation. Avoid using the `http://<HOST>/cacti/host.php` endpoint to configure device names until the issue is resolved. Consider temporarily disabling the `reports admin.php` script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability that allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The `reports admin.php` script displays reporting information about graphs, devices, data sources etc. An adversary that is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same (or broader) privileges. This configuration occurs through "http://<HOST>/cacti/host.php", while the rendered malicious payload is exhibited at "http://<HOST>/cacti/reports admin.php" when a graph with the maliciously altered device name is linked to the report. **Recommendations** To resolve the issue, upgrade to version 1.2.25 or later. For versions prior to 1.2.25, users unable to update should manually filter HTML output. As a temporary workaround, consider restricting access to the `http://<HOST>/cacti/host.php` and `http://<HOST>/cacti/reports admin.php` endpoints to minimize the risk of exploitation. Additionally, restrict the ability to configure device names in cacti to only trusted users with the General Administration>Sites/Devices/Data permissions.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the Cacti database. These data will be viewed by administrative Cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the Cacti app, hence displays useful information such as data queries and verbose logs. An adversary that is able to configure a data-query template with malicious code appended in the template path can deploy a stored XSS attack against any user with the General Administration>Sites/Devices/Data privileges. This configuration occurs through `http://<HOST>/cacti/data queries.php` by editing an existing or adding a new data query template. If a template is linked to a device then the formatted template path will be rendered in the device's management page, when a verbose data query is requested. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to resolve the issue. As a temporary workaround for users unable to update, manually filter HTML output. Consider restricting access to the `data queries.php` page to minimize the risk of exploitation. Avoid using the `http://<HOST>/cacti/data queries.php` endpoint to edit or add new data query templates until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue exists due to inadequate protection of the web page structure in the data debug.php script of the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks. An authenticated user can poison data stored in Cacti's database, which will be viewed by administrative accounts and execute JavaScript code in the victim's browser. The vulnerability can be exploited by configuring a malicious data-source path, which can be done by a user with General Administration>Sites/Devices/Data permissions through the http://<HOST>/cacti/data sources.php endpoint. The `data debug.php` script displays data source related debugging information. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to resolve the issue. As a temporary workaround for users unable to update, manually filter HTML output to minimize the risk of exploitation. Restrict access to the `data debug.php` script and the `http://<HOST>/cacti/data sources.php` endpoint to minimize the risk of exploitation. Consider disabling the configuration of data source paths for users with General Administration>Sites/Devices/Data permissions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue is a Stored Cross-Site-Scripting (XSS) vulnerability that allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative Cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `graphs.php` displays graph details such as data-source paths, data template information, and graph related fields. An adversary can deploy a stored XSS attack against any user with General Administration>Graphs privileges by configuring either a data-source template with malicious code appended in the data-source name or a device with a malicious payload injected in the device name. This configuration occurs through the `http://<HOST>/cacti/data templates.php` endpoint by editing an existing or adding a new data template. A user with Template Editor>Data Templates permissions can configure the data-source name, and a user with General Administration>Sites/Devices/Data permissions can configure the device name. **Recommendations** To resolve the issue, upgrade to version 1.2.25 or later. For versions prior to 1.2.25, add manual HTML escaping as a temporary workaround. As a mitigation measure, consider restricting access to the `graphs.php` script and the `http://<HOST>/cacti/data templates.php` endpoint to minimize the risk of exploitation. Additionally, limit the permissions of users with Template Editor>Data Templates and General Administration>Sites/Devices/Data permissions to reduce the attack surface.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability that allows an authenticated user to poison data stored in the cacti 's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The `data sources.php` script displays the data source management information for different data visualizations of the cacti app. An adversary that is able to configure a malicious Device name can deploy a stored XSS attack against any user of the same or broader privileges. This configuration occurs through "http://<HOST>/cacti/host.php", while the rendered malicious payload is exhibited at "http://<HOST>/cacti/data sources.php". **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to address the vulnerability. As a temporary workaround for users unable to update, manually filter HTML output. Restrict access to the `data sources.php` script and `http://<HOST>/cacti/host.php` endpoint to minimize the risk of exploitation. Avoid using the `Device name` parameter in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue is related to a Stored Cross-Site-Scripting (XSS) vulnerability in Cacti, an open source operational monitoring and fault management framework. This vulnerability allows an authenticated user to poison data stored in the Cacti database, which can be viewed by administrative accounts and execute JavaScript code in the victim's browser. The script under `data sources.php` displays data source management information, and an adversary can deploy a stored XSS attack by configuring a malicious data-source path. This configuration occurs through the `http://<HOST>/cacti/data sources.php` page. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to resolve the issue. For users unable to upgrade, manually escape HTML output as a temporary workaround. As a mitigation measure, consider restricting access to the `data sources.php` page and limiting the ability to configure data source paths to only trusted users.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue exists due to inadequate protection of the web page structure in the Cacti network monitoring tool. This allows a remote attacker to conduct cross-site scripting attacks. An authenticated user can poison data stored in the Cacti database, which will be viewed by administrative accounts and execute JavaScript code in the victim's browser. The vulnerability can be exploited by configuring a malicious device name, which can be done by a user with General Administration>Sites/Devices/Data permissions through the `http://<HOST>/cacti/host.php` endpoint. The malicious payload is rendered at the `http://<HOST>/cacti/data sources.php` endpoint. **Recommendations** For versions prior to 1.2.25, upgrade to version 1.2.25 or later to resolve the issue. As a temporary workaround for users unable to update, manually filter HTML output to minimize the risk of exploitation. Restrict access to the `data sources.php` script and the `host.php` endpoint to minimize the risk of exploitation. Avoid using the device name configuration feature in Cacti until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Cacti versions prior to 1.2.25 **Description** The issue exists due to inadequate protection of the web page structure, allowing a remote attacker to execute arbitrary code. This can be achieved through a cross-site scripting attack when a victim user hovers over a malicious data source path in the `data debug.php` file. The attacker must have specific permissions, including `General Administration>Sites/Devices/Data`, to perform the attack. The victim can be any account with permissions to view the `http://<HOST>/cacti/data debug.php` endpoint. **Recommendations** For versions prior to 1.2.25, consider restricting access to the `data debug.php` file and limiting permissions to `General Administration>Sites/Devices/Data` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.