 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2023-49088 |
| Description: | Cacti is an open source operational monitoring and fault management
framework. The fix applied for CVE-2023-39515 in version 1.2.25 is
incomplete as it enables an adversary to have a victim browser execute
malicious code when a victim user hovers their mouse over the
malicious data source path in `data_debug.php`. To perform the cross-
site scripting attack, the adversary needs to be an authorized cacti
user with the following permissions: `General
Administration>Sites/Devices/Data`. The victim of this attack could be
any account with permissions to view
`http:// |
| Test IDs: | None available |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-49088 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/data_debug.php https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x https://github.com/Cacti/cacti/security/advisories/GHSA-q7g7-gcf6-wh4x https://lists.debian.org/debian-lts-announce/2024/03/msg00018.html |