Fluid Attacks Database

Description

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 are vulnerable to stored cross-site scripting, a type of cross-site scripting where malicious scripts are permanently stored on a target server and served to users who access a particular page. Version 1.2.27 contains a patch for the issue.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	cacti	=1.2.24+ds1-1 \|\| =1.2.24+ds1-1+deb12u1 \|\| =1.2.24+ds1-1+deb12u2 \|\| =1.2.24+ds1-1+deb12u3 \|\| =1.2.24+ds1-1+deb12u4 \|\| >=0 <1.2.24+ds1-1+deb12u5	1.2.24+ds1-1+deb12u5
debian 13	cacti	>=0 <1.2.27+ds1-1	1.2.27+ds1-1
debian 14	cacti	>=0 <1.2.27+ds1-1	1.2.27+ds1-1

Aliases

1. CVE-2024-270822. NVD-2024-270823. OSV-DEBIAN-2024-270824. OSV-2024-270825. SECURITY-TRACKER-CVE-2024-27082