PT-2024-5187 · Cacti+1
Nemesis1695 · Published 2023-07-13 · Updated 2025-02-10 · CVE-2024-27082
CVSS v2.0: 8.7 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:P/A:C
Name of the Vulnerable Software and Affected Versions:
Cacti versions prior to 1.2.27
Description:
Cacti provides an operational monitoring and fault management framework. The issue is a stored cross-site scripting vulnerability, in which malicious scripts are permanently stored on the target server and served to users who access a particular page. It stems from a lack of protection of the web page structure and allows a remote attacker to carry out cross-site scripting using a specially crafted page.
Recommendations:
For versions prior to 1.2.27, update to version 1.2.27, which contains a patch for the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.
Exploit
Fix
XSS
Affected Products:
Alt Linux
Cacti