Cross-site scripting in Cacti - CVE-2024-43365
Published: October 7, 2024 / Updated: June 19, 2026
Cacti
Detailed vulnerability description
The vulnerability allows a remote user to cause a denial of service.
The vulnerability is a cross-site scripting issue in the consolenewsection parameter: the value is accepted by links.php when an external link is created and rendered by index.php when the link is viewed. A remote user can submit a specially crafted HTTP POST request to cause a denial of service.
The injected input is stored in the database and later displayed to users. User interaction is required: a user must view the malicious external link entry.