PT-2026-5309 · Cacti · Cacti
Published 2026-01-29 · Updated 2026-01-29
CVE-2025-45160
CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Cacti versions prior to 1.2.29
Description
A flaw exists in the file upload functionality that allows for the injection of arbitrary HTML elements. This occurs when a file with an invalid format is uploaded, and the application displays the filename in an error popup without sufficient sanitization. Attackers can leverage this to inject HTML elements, such as <h1>, <b>, and <svg>, into the rendered page. The vulnerable component is the file upload functionality.
Recommendations
Update to a version newer than 1.2.29.
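The pattern in the description, shown as an added example (not Cacti's code): an upload error message built with the raw filename next to the output-encoded form, plus an allowlist check and a small review helper. All function names and the sample filenames are hypothetical and constructed for illustration.

```javascript
// Hypothetical helpers for illustration; none of these names come from Cacti.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five HTML-significant characters (text and quoted-attribute contexts).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the client-supplied filename is concatenated into markup as-is,
// so any tags in the name become part of the rendered popup.
function uploadErrorUnsafe(filename) {
  return '<p class="error">Invalid file format: ' + filename + '</p>';
}

// "After": the filename is output-encoded and renders as literal text.
function uploadErrorSafe(filename) {
  return '<p class="error">Invalid file format: ' + escapeHtml(filename) + '</p>';
}

// Defence in depth: accept only conservative names before they reach any message.
function isPlainFilename(filename) {
  return /^[A-Za-z0-9][A-Za-z0-9._ -]{0,254}$/.test(filename);
}

// Review/test helper: true if the message contains any element other than
// the wrapper <p> that the application itself emits.
function containsInjectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.some((t) => !/^<\/?p(\s|>)/i.test(t));
}

// Constructed sample filenames, using elements the advisory names.
const SAMPLES = ['<h1>report</h1>.txt', '<b>notes</b>.csv', 'template.xml'];

function auditSamples() {
  return SAMPLES.map((name) => ({
    name,
    allowedByName: isPlainFilename(name),
    unsafeInjects: containsInjectedMarkup(uploadErrorUnsafe(name)),
    safeInjects: containsInjectedMarkup(uploadErrorSafe(name)),
  }));
}

console.log(auditSamples());
```

Encoding at the point of output is the primary control here; the filename allowlist only narrows what reaches the message.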
Fix
XSS
Affected Products
Cacti