Description

A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject arbitrary HTML elements (e.g., <h1>, <b>, <svg>) into the rendered page. NOTE: Multiple third-parties including the maintainer have stated that they cannot reproduce this issue after 1.2.27.

INFO

Published Date :

2026-01-29T00:00:00.000Z

Last Modified :

2026-02-02T19:37:09.721Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-45160 vulnerability.

Vendors Products
Cacti
  • Cacti
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-45160.

URL Resource
https://gist.github.com/BEND0US/49d76897a5bb676d8c3f51425553cc32 cve-icon cve-icon
https://github.com/Cacti/cacti cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact