Vulnerability Description
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/set
- https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e
- https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q
- https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/set
- https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e
- https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q
FAQ
What is CVE-2024-30268?
CVE-2024-30268 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and ...
How severe is CVE-2024-30268?
CVE-2024-30268 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-30268?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.