CVE-2024-43365 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

CVE-2024-43365 Stored Cross-site Scripting (XSS) when creating external links in Cacti

Cacti is an open source performance and fault management framework. Theconsolenewsection parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewsection parameter is stored in the database and reflected back to user in index.php, finally leading t...

CVE-2024-43365

CVE-2024-43365 affects Cacti. The issue is a stored XSS in the consolenewsection parameter when creating external links (links.php), which is saved in the database and reflected in index.php. Exploitation requires user privileges to create external links; input is stored and displayed without pro...

CVE-2024-43364

Cacti is an open source performance and fault management framework. The title parameter is not properly sanitized when saving external links in links.php . Morever, the said title parameter is stored in the database and reflected back to user in index.php, finally leading to stored XSS. Users wit...