Bug 2280495 (CVE-2024-29894) - CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging API
Summary: CVE-2024-29894 cacti: XSS vulnerability when using JavaScript based messaging...
Keywords:
Status: NEW
Alias: CVE-2024-29894
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2280496 2280497
Blocks:
TreeView+ depends on / blocked
 
Reported: 2024-05-15 00:14 UTC by Robb Gatica
Modified: 2024-05-15 00:15 UTC (History)
0 users

Fixed In Version: cacti 1.2.27
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Robb Gatica 2024-05-15 00:14:54 UTC 
Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. `raise_message_javascript` from `lib/functions.php` now uses purify.js to fix CVE-2023-50250 (among others). However, it still generates the code out of unescaped PHP variables `$title` and `$header`. If those variables contain single quotes, they can be used to inject JavaScript code. An attacker exploiting this vulnerability could execute actions on behalf of other users. This ability to impersonate users could lead to unauthorized changes to settings. Version 1.2.27 fixes this issue.

https://github.com/Cacti/cacti/security/advisories/GHSA-grj5-8fcj-34gh
https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73
Comment 1 Robb Gatica 2024-05-15 00:15:10 UTC 
Created cacti tracking bugs for this issue:

Affects: epel-all [bug 2280496]
Affects: fedora-all [bug 2280497]
Note You need to log in before you can comment on or make changes to this bug.