ishgard

1 exploit Active since May 2024
CVE-2024-31443 WRITEUP MEDIUM WRITEUP
Cacti < 1.2.27 - Stored Cross-Site Scripting via form_save() Data Handling
Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in `form_save()` function in `data_queries.php` is not thoroughly checked and is used to concatenate the HTML statement in `grow_right_pane_tree()` function from `lib/html.php` , finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.
CVSS 5.7