CVE-2023-39515
Stored Cross-site Scripting on data_debug.php datasource path view in Cacti
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. This configuration occurs through `http://<HOST>/cacti/data_sources.php`. This vulnerability has been addressed in version 1.2.25. Users are advised to upgrade. Users unable to update should manually filter HTML output.
Cacti es un framework de monitorización operativa y gestión de fallos de código abierto. Las versiones afectadas están sujetas a una vulnerabilidad de Cross-Site Scripting (XSS) almacenado que permite a un usuario autenticado envenenar a los datos almacenados en la base de datos de cacti.Estos datos serán visualizados por las cuentas administrativas de cacti y ejecutarán código JavaScript en el navegador de la víctima en tiempo de visualización. El script bajo `data_debug.php`muestra información de depuración relacionada con la fuente de datos, como _rutas de la fuente de datos, configuraciones de sondeo y metadatos en la fuente de datos_._CENSUS_ descubrió que un adversario que es capaz de configurar una ruta de fuente de datos maliciosa, puede implementar un ataque XSS almacenado contra cualquier usuario que tenga privilegios relacionados con la visualización de la información `data_debug.php`.Un usuario que posee los permisos _Administración general>Sitios/Dispositivos/Datos_ puede configurar la ruta de la fuente de datos en _cacti_. Esta configuración se produce a través de `http:///cacti/data_sources.php`. Esta vulnerabilidad se ha solucionado en la versión 1.2.25. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben filtrar manualmente la salida HTML.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2023-08-03 CVE Reserved
- 2023-09-05 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (6)
| URL | Date | SRC |
|---|---|---|
| https://github.com/Cacti/cacti/security/advisories/GHSA-hrg9-qqqx-wc4h | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cacti Search vendor "Cacti" | Cacti Search vendor "Cacti" for product "Cacti" | < 1.2.25 Search vendor "Cacti" for product "Cacti" and version " < 1.2.25" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||