CVE-2023-39511: 
Cacti vulnerability analysis and mitigation

Cacti is an open source operational monitoring and fault management framework. A Stored Cross-Site-Scripting (XSS) vulnerability was discovered in versions prior to 1.2.25 that allows an authenticated user to poison data stored in the Cacti's database. The vulnerability was discovered in September 2023 and affects the reports_admin.php functionality (GitHub Advisory).

The vulnerability exists in the reportsadmin.php script which displays reporting information about graphs, devices, and data sources. An adversary with General Administration>Sites/Devices/Data permissions can configure a malicious device name through the host.php interface. When this malicious device name is linked to a report, it gets rendered in reportsadmin.php without proper HTML escaping, allowing JavaScript code execution in the victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 6.1 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N) (NVD).

When exploited, this vulnerability allows attackers to execute arbitrary JavaScript code in the victim's browser context. This can lead to account takeover, performing unauthorized actions on the platform, redirecting users to malicious websites, stealing sensitive information, and potentially launching browser-based attacks or participating in DDoS attacks (GitHub Advisory).

The vulnerability has been fixed in Cacti version 1.2.25. Users are strongly advised to upgrade to this version or later. For users unable to upgrade immediately, it is recommended to manually filter HTML output when rendering user-supplied information or make it a text element in the rendered HTML (GitHub Advisory, Fedora Update).