CVE-2023-50569

Name of the Vulnerable Software and Affected Versions Cacti version 1.2.25

Description The issue is a Reflected Cross Site Scripting (XSS) vulnerability that allows remote attackers to escalate privileges. This occurs when an xml template file is uploaded via the "templates import.php" API endpoint. The vulnerability enables attackers to inject malicious scripts, potentially leading to unauthorized access or data manipulation.

Recommendations For Cacti version 1.2.25, consider disabling the xml template upload feature via the "templates import.php" API endpoint until a patch is available. Restrict access to this endpoint to minimize the risk of exploitation. Avoid using the xml template upload feature until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.