CVE-2023-39513

Summary

CVE	CVE-2023-39513
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2023-09-05 21:15:00 UTC
Updated	2024-03-18 20:15:00 UTC
Description	Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. _CENSUS_ found that an adversary that is able to configure a data-query template with malicious code appended in the template path, in order to deploy a stored XSS attack against any user with the _General Administration>Sites/Devices/Data_ privileges. A user that possesses the _Template Editor>Data Queries_ permissions can configure the data query template path in _cacti_. Please note that such a user may be a low privileged user. This configuration occurs through `http://<HOST>/cacti/data_queries.php` by editing an existing or adding a new data query template. If a template is linked to a device then the formatted template path will be rendered in the device's management page, when a _verbose data query_ is requested. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Cacti	Cacti	All	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Operating System	Fedoraproject	Fedora	38	All	All	All

References

Reference	Source	Link	Tags
Cross-Site Scripting vulnerability with Device Name when debugging data queries · Advisory · Cacti/cacti · GitHub	MISC	github.com
Debian -- Security Information -- DSA-5550-1 cacti		www.debian.org
[SECURITY] Fedora 37 Update: cacti-1.2.25-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 38 Update: cacti-spine-1.2.25-1.fc38 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 39 Update: cacti-spine-1.2.25-1.fc39 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
lists.debian.org/debian-lts-announce/2024/03/msg00018.html		lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

150720 Cacti Prior to 1.2.25 Multiple Security Vulnerabilities
284617 Fedora Security Update for cacti (FEDORA-2023-06a2a6e03c)
284618 Fedora Security Update for cacti (FEDORA-2023-6335ea9c0c)
285223 Fedora Security Update for cacti (FEDORA-2023-248dff7cbe)
505987 Alpine Linux Security Update for cacti
510697 Alpine Linux Security Update for cacti
6000315 Debian Security Update for cacti (DSA 5550-1)
6000528 Debian Security Update for cacti (DLA 3765-1)
6000542 Debian Security Update for cacti (DSA 5646-1)