CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence: High
EPSS
Percentile: 15.5%
Cacti provides an operational monitoring and fault management framework. A
reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows
attackers to obtain the cookies of administrators and other users and to fake
their logins using the obtained cookies. This issue is fixed in commit
a38b9046e9772612fda847b46308f9391a49891e.
github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/settings.php#L66
github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e
github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q
launchpad.net/bugs/cve/CVE-2024-30268
nvd.nist.gov/vuln/detail/CVE-2024-30268
security-tracker.debian.org/tracker/CVE-2024-30268
www.cve.org/CVERecord?id=CVE-2024-30268