CVE-2024-31443 Information

Description

Cacti provides an operational monitoring and fault management framework. Prior to 1.2.27, some of the data stored in the form_save() function in data_queries.php is not thoroughly checked and is later used to concatenate the HTML statement in the grow_right_pane_tree() function from lib/html.php, finally resulting in cross-site scripting. Version 1.2.27 contains a patch for the issue.

Reference

https://github.com/Cacti/cacti/security/advisories/GHSA-rqc8-78cm-85j3
https://github.com/Cacti/cacti/commit/f946fa537d19678f938ddbd784a10e3290d275cf
