Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-49088

Опубликовано: 22 дек. 2023
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 6.1

Описание

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in data_debug.php. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: General Administration>Sites/Devices/Data. The victim of this attack could be any account with permissions to view http://<HOST>/cacti/data_debug.php. As of time of publication, no complete fix has been included in Cacti.

РелизСтатусПримечание
bionic

ignored

end of standard support
devel

not-affected

1.2.26+ds1-1
esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

not-affected

1.2.26+ds1-1
esm-apps/xenial

needs-triage

esm-infra-legacy/trusty

needs-triage

focal

ignored

end of standard support, was needs-triage
jammy

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 77%
0.0102
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2023-49088

CVSS3: 6.1
nvd
около 2 лет назад

Cacti is an open source operational monitoring and fault management framework. The fix applied for CVE-2023-39515 in version 1.2.25 is incomplete as it enables an adversary to have a victim browser execute malicious code when a victim user hovers their mouse over the malicious data source path in `data_debug.php`. To perform the cross-site scripting attack, the adversary needs to be an authorized cacti user with the following permissions: `General Administration>Sites/Devices/Data`. The victim of this attack could be any account with permissions to view `http://<HOST>/cacti/data_debug.php`. As of time of publication, no complete fix has been included in Cacti.

debian логотип

CVE-2023-49088

CVSS3: 6.1
debian
около 2 лет назад

Cacti is an open source operational monitoring and fault management fr ...

fstec логотип

BDU:2024-00192

CVSS3: 6.1
fstec
больше 2 лет назад

Уязвимость программного средства мониторинга сети Cacti, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код

suse-cvrf логотип

openSUSE-SU-2024:0031-1

suse-cvrf
около 2 лет назад

Security update for cacti, cacti-spine

EPSS

Процентиль: 77%
0.0102
Низкий

6.1 Medium

CVSS3

Уязвимость CVE-2023-49088