CVE-2024-27082

Name
CVE-2024-27082
Description
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/Cacti/cacti/security/advisories/GHSA-j868-7vjp-rp9h

Match rules

CPE URI Source package Min version Max version
cacti >= 0 < 1.2.27
cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:* cacti >= None < 1.2.27

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
cacti edge-community 1.2.29-r0 None fixed
cacti edge-community 1.2.26-r0 Jeff Bilyk <jbilyk@gmail.com> possibly vulnerable
cacti edge-community 1.2.25-r0 Jeff Bilyk <jbilyk@gmail.com> possibly vulnerable
cacti edge-community 1.2.20-r0 Jeff Bilyk <jbilyk@gmail.com> possibly vulnerable
cacti edge-community 1.2.17-r0 Jeff Bilyk <jbilyk@gmail.com> possibly vulnerable
cacti edge-community 1.2.13-r0 None possibly vulnerable
cacti edge-community 1.2.8-r0 None possibly vulnerable
cacti 3.22-community 1.2.29-r0 None fixed
cacti 3.22-community 1.2.26-r0 None possibly vulnerable
cacti 3.22-community 1.2.25-r0 None possibly vulnerable
cacti 3.22-community 1.2.20-r0 None possibly vulnerable
cacti 3.22-community 1.2.17-r0 None possibly vulnerable
cacti 3.22-community 1.2.13-r0 None possibly vulnerable
cacti 3.22-community 1.2.8-r0 None possibly vulnerable
cacti 3.21-community 1.2.29-r0 None fixed