Cross-site scripting in Cacti - CVE-2024-43364
Published: October 7, 2024 / Updated: June 19, 2026
Cacti
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to cross-site scripting in the external links functionality when saving an external link with a crafted title parameter. A remote user can send a specially crafted request to cause a denial of service.
User interaction is required for the stored payload to be viewed in the application.