CVE-2024-30268
CVSS V2 None
CVSS V3 None
Description
Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.
Overview
- CVE ID
- CVE-2024-30268
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-05-13T14:56:18.471Z
- Last Modified Date
- 2024-06-04T17:39:38.687Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/Cacti/cacti/security/advisories/GHSA-9m3v-whmr-pc2q | x_refsource_CONFIRM |
https://github.com/Cacti/cacti/commit/a38b9046e9772612fda847b46308f9391a49891e | x_refsource_MISC |
https://github.com/Cacti/cacti/blob/08497b8bcc6a6037f7b1aae303ad8f7dfaf7364e/settings.php#L66 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-30268 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30268 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-26 11:52:55 | Added to TrackCVE |