2255645 – (CVE-2023-50569) CVE-2023-50569 cacti: Reflected Cross Site Scripting (XSS) vulnerability in Cacti

Bug 2255645 (CVE-2023-50569) - CVE-2023-50569 cacti: Reflected Cross Site Scripting (XSS) vulnerability in Cacti

Summary: CVE-2023-50569 cacti: Reflected Cross Site Scripting (XSS) vulnerability in C...

Keywords:
Status:	NEW
Alias:	CVE-2023-50569
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2255646 2255647 2255668
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-22 17:35 UTC by Patrick Del Bello
Modified:	2025-04-15 00:00 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2023-12-22 17:35:12 UTC

Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php.

https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf

Comment 1 Patrick Del Bello 2023-12-22 17:35:28 UTC

Created cacti tracking bugs for this issue:

Affects: epel-all [bug 2255646]
Affects: fedora-all [bug 2255647]

Note You need to log in before you can comment on or make changes to this bug.