CVE-2024-30268 MEDIUM

CVE-2024-30268: Cacti XSS vulnerability in display_settings

Vendor Cacti
Product cacti
Weakness CWE-79 · XSS
Published May 13, 2024
Last update August 2, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain the cookies of administrators and other users and to fake their login using the obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.

Key dates

02 Disclosure timeline

May 13, 2024 CVE published
August 2, 2024 Record updated