CVE-2024-30268: Cacti XSS vulnerability in display_settings
First published: Mon May 13 2024(Updated: )
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti | >=1.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-30268?
CVE-2024-30268 is classified as a moderate severity reflected cross-site scripting vulnerability.
How do I fix CVE-2024-30268?
To fix CVE-2024-30268, upgrade to the latest version of Cacti beyond 1.3.x.
What versions of Cacti are affected by CVE-2024-30268?
CVE-2024-30268 affects Cacti versions 1.3.0 through 1.3.x on the DEV branch.
What are the risks associated with CVE-2024-30268?
Exploitation of CVE-2024-30268 allows attackers to steal cookies from administrators and other users, potentially leading to unauthorized access.
Is CVE-2024-30268 actively being exploited?
There are reports that CVE-2024-30268 is being targeted in the wild, emphasizing the need for prompt updates.
- agent/references
- agent/weakness
- agent/title
- agent/description
- agent/type
- agent/first-publish-date
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cacti
- canonical/cacti