![]() The script under `graphs.php` displays graph details such as data-source paths, data template information and graph related fields. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. Users unable to update should manually filter HTML output.Ĭacti is an open source operational monitoring and fault management framework. This configuration occurs through ` This vulnerability has been addressed in version 1.2.25. A user that possesses the _General Administration>Sites/Devices/Data_ permissions can configure the data source path in _cacti_. _CENSUS_ found that an adversary that is able to configure a malicious data-source path, can deploy a stored XSS attack against any user that has privileges related to viewing the `data_debug.php` information. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. ![]() Users unable to upgrade should manually escape HTML output.Ĭacti is an open source operational monitoring and fault management framework. This issue has been addressed in version 1.2.25. ![]() This configuration occurs through ` The same page can be used for previewing the data source path. This vulnerability affects Firefox Sites/Devices/Data' permissions can configure the data source path in Cacti. This could have led to a use-after-free causing a potentially exploitable crash. When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |