Description

Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in `index.php`, finally leading to stored XSS. Users with the privilege to create external links can manipulate the “consolenewsection” parameter in the http post request while creating external links to perform stored XSS attacks. The vulnerability known as XSS (Cross-Site Scripting) occurs when an application allows untrusted user input to be displayed on a web page without proper validation or escaping. This issue has been addressed in release version 1.2.28. All users are advised to upgrade. There are no known workarounds for this vulnerability.

INFO

Published Date :

2024-10-07T20:38:26.732Z

Last Modified :

2025-11-03T20:38:49.591Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-43365 vulnerability.

Vendors Products
Cacti
  • Cacti
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-43365.

URL Resource
https://github.com/Cacti/cacti/security/advisories/GHSA-49f2-hwx9-qffr cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact