CVE-2023-50250

Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php	Exploit Vendor Advisory
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73	Exploit Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/	Release Notes
https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php	Exploit Vendor Advisory
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73	Exploit Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:*

History

10 Apr 2025, 20:31

Type	Values Removed	Values Added
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ - Release Notes

13 Feb 2025, 18:15

Type	Values Removed	Values Added
Summary	(en) Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.	(en) Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available.

21 Nov 2024, 08:36

Type	Values Removed	Values Added
References	~~() https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php - Exploit, Vendor Advisory~~	() https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php - Exploit, Vendor Advisory
References	~~() https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 - Exploit, Vendor Advisory~~	() https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 - Exploit, Vendor Advisory
References	~~() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -~~	() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 5.4

10 Jun 2024, 17:16

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/ -
Summary	(es) Cacti es un framework de gestión de fallos y monitoreo operativo de código abierto. Se descubrió una vulnerabilidad de cross-site scripting reflejado en la versión 1.2.25. Los atacantes pueden aprovechar esta vulnerabilidad para realizar acciones en nombre de otros usuarios. La vulnerabilidad se encuentra en `templates_import.php.` Al cargar un archivo de plantilla xml, si el archivo XML no pasa la verificación, el servidor mostrará un mensaje emergente de JavaScript, que contiene el nombre del archivo de plantilla xml sin filtrar, lo que resulta en XSS. . Un atacante que aproveche esta vulnerabilidad podría ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podría dar lugar a cambios no autorizados en la configuración. Al momento de la publicación, no hay versiones parcheadas disponibles.	(es) Cacti es un framework de gestión de fallos y monitoreo operativo de código abierto. Se descubrió una vulnerabilidad de cross-site scripting reflejado en la versión 1.2.25. Los atacantes pueden aprovechar esta vulnerabilidad para realizar acciones en nombre de otros usuarios. La vulnerabilidad se encuentra en `templates_import.php.` Al cargar un archivo de plantilla xml, si el archivo XML no pasa la verificación, el servidor mostrará un mensaje emergente de JavaScript, que contiene el nombre del archivo de plantilla xml sin filtrar, lo que resulta en XSS. Un atacante que aproveche esta vulnerabilidad podría ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podría dar lugar a cambios no autorizados en la configuración. Al momento de la publicación, no hay versiones parcheadas disponibles.

29 Dec 2023, 19:28

Type	Values Removed	Values Added
References	~~() https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php -~~	() https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php - Exploit, Vendor Advisory
References	~~() https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 -~~	() https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73 - Exploit, Vendor Advisory
CPE		cpe:2.3:a:cacti:cacti:1.2.25:::::::*
First Time		Cacti Cacti cacti
CVSS	v2 : ~~unknown~~ v3 : ~~5.4~~	v2 : unknown v3 : 6.1
Summary		(es) Cacti es un framework de gestión de fallos y monitoreo operativo de código abierto. Se descubrió una vulnerabilidad de cross-site scripting reflejado en la versión 1.2.25. Los atacantes pueden aprovechar esta vulnerabilidad para realizar acciones en nombre de otros usuarios. La vulnerabilidad se encuentra en `templates_import.php.` Al cargar un archivo de plantilla xml, si el archivo XML no pasa la verificación, el servidor mostrará un mensaje emergente de JavaScript, que contiene el nombre del archivo de plantilla xml sin filtrar, lo que resulta en XSS. . Un atacante que aproveche esta vulnerabilidad podría ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podría dar lugar a cambios no autorizados en la configuración. Al momento de la publicación, no hay versiones parcheadas disponibles.

22 Dec 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-22 17:15

Updated : 2025-04-10 20:31

NVD link : CVE-2023-50250

Mitre link : CVE-2023-50250

CVE.ORG link : CVE-2023-50250

JSON object : View

Products Affected

cacti

cacti

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-50250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-12-22T17:15:09.127", "references": [{"url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/Cacti/cacti/blob/5f6f65c215d663a775950b2d9db35edbaf07d680/templates_import.php", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBEOAFKRARQHTDIYSL723XAFJ2Q6624X/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cacti is an open source operational monitoring and fault management framework. A reflection cross-site scripting vulnerability was discovered in version 1.2.25. Attackers can exploit this vulnerability to perform actions on behalf of other users. The vulnerability is found in `templates_import.php.` When uploading an xml template file, if the XML file does not pass the check, the server will give a JavaScript pop-up prompt, which contains unfiltered xml template file name, resulting in XSS. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. As of time of publication, no patched versions are available."}, {"lang": "es", "value": "Cacti es un framework de gesti\u00f3n de fallos y monitoreo operativo de c\u00f3digo abierto. Se descubri\u00f3 una vulnerabilidad de cross-site scripting reflejado en la versi\u00f3n 1.2.25. Los atacantes pueden aprovechar esta vulnerabilidad para realizar acciones en nombre de otros usuarios. La vulnerabilidad se encuentra en `templates_import.php.` Al cargar un archivo de plantilla xml, si el archivo XML no pasa la verificaci\u00f3n, el servidor mostrar\u00e1 un mensaje emergente de JavaScript, que contiene el nombre del archivo de plantilla xml sin filtrar, lo que resulta en XSS. Un atacante que aproveche esta vulnerabilidad podr\u00eda ejecutar acciones en nombre de otros usuarios. Esta capacidad de hacerse pasar por usuarios podr\u00eda dar lugar a cambios no autorizados en la configuraci\u00f3n. Al momento de la publicaci\u00f3n, no hay versiones parcheadas disponibles."}], "lastModified": "2025-04-10T20:31:34.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF5814EC-CFCB-4066-9260-FF78B45E2089"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}

5.4 /10