PT-2024-5189 · Cacti+3
Ishgard-2 +1
Published: 2023-07-13
Updated: 2025-01-24
CVE-2024-31443
CVSS v3.1: 5.7 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
Cacti versions prior to 1.2.27
Description:
Cacti provides an operational monitoring and fault management framework. The issue arises from the form_save() function in data_queries.php, where some stored data is not thoroughly checked and is used to concatenate the HTML statement in the grow_right_pane_tree() function from lib/html.php, resulting in cross-site scripting.
Recommendations:
For versions prior to 1.2.27, update to version 1.2.27 or later, which contains a patch for the issue.
As a temporary workaround, consider disabling the form_save() function in data_queries.php until a patch is available.
Restrict access to the grow_right_pane_tree() function from lib/html.php to minimize the risk of exploitation.
Exploit
Fix
XSS
Affected Products
Alt Linux
Cacti
Linuxmint
Ubuntu