Summary:
A recently discovered stored cross-site scripting (XSS) vulnerability in Cacti allows an authenticated user to poison the data stored in Cacti's database. The vulnerability can be exploited by supplying a malicious device name, resulting in stored XSS. If successfully exploited, threat actors can perform various malicious actions and attacks. Organizations using Cacti are advised to make the data as a text element in the rendered HTML to prevent execution of the malicious code.
Hashtags: #Cacti #Vulnerabilities #XSS