Cross-site scripting in Cacti - CVE-2024-43362
Published: October 7, 2024 / Updated: June 19, 2026
Cacti
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary script in a victim's browser.
The vulnerability exists due to cross-site scripting in the external links functionality when processing the fileurl parameter while creating external links. A remote user can submit a specially crafted fileurl value to execute arbitrary script in a victim's browser.
Exploitation requires user interaction: the injected script runs when the victim opens the main console page or the external link view page.
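A defensive handling pattern for a URL-type field such as fileurl, as an added example that is not Cacti's code or its actual patch: validate the value against an allow-list when it is saved, then escape it for the HTML context when it is rendered. The function names, the allow-list policy (http/https URLs or a plain file name) and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not Cacti code: function names and policy are hypothetical.

/**
 * Accept a fileurl only if it is an absolute http(s) URL or a plain file
 * name. Returns the trimmed value, or null when the value is rejected.
 */
function validate_fileurl(string $value): ?string {
    $value = trim($value);
    // Reject empty values, control characters, quotes, angle brackets, backslashes.
    if ($value === '' || preg_match('/[\x00-\x1f\x7f<>"\'`\\\\]/', $value)) {
        return null;
    }
    // Plain file name such as "intro.html": no scheme, no path separators.
    if (preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/', $value)) {
        return $value;
    }
    // Otherwise require a parseable URL with an allowed scheme and a host.
    $parts = parse_url($value);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    $allowed = ['http', 'https'];
    return in_array(strtolower($parts['scheme']), $allowed, true) ? $value : null;
}

/** Render a link, escaping both the attribute value and the link text. */
function render_external_link(string $title, string $fileurl): string {
    $text = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $safe = validate_fileurl($fileurl);
    if ($safe === null) {
        return '<span class="invalid-link">' . $text . '</span>';
    }
    $href = htmlspecialchars($safe, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="noopener noreferrer">' . $text . '</a>';
}

// Constructed sample values, not taken from the advisory.
$samples = [
    'https://wiki.example.com/runbook?a=1&b=2', // accepted, "&" is escaped on output
    'intro.html',                               // accepted as a plain file name
    'javascript:void(0)',                       // rejected: scheme not allowed, no host
    'https://example.com/" x="',                // rejected: contains a quote
];
foreach ($samples as $s) {
    echo render_external_link('Docs', $s), PHP_EOL;
}
```

Validation on input and escaping on output cover different cases: the allow-list stops script-capable schemes, and the escaping stops a value from breaking out of the attribute if validation is ever bypassed or relaxed.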