6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.2%
Cacti is an open source operational monitoring and fault management
framework.Affected versions are subject to a Stored Cross-Site-Scripting
(XSS) Vulnerability allows an authenticated user to poison data. The
vulnerability is found in graphs_new.php
. Several validations are
performed, but the returnto
parameter is directly passed to
form_save_button
. In order to bypass this validation, returnto must
contain host.php
. This vulnerability has been addressed in version
1.2.25. Users are advised to upgrade. Users unable to update should
manually filter HTML output.