Cross-site Scripting (XSS) - Stored in cacti/cactiValid
Jan 1st 2022
Hi there cacti maintainer team, I would like to report a stored XSS in cacti source code. It is due to unsanitized error message in synchronizing aggregates for color.
Proof of Concept
- Install a cacti instance in your local
- Go to Color and create a color with name
<img src=a onerror=alert(document.cookie)>
- Back to color list, click on a color and select action
Sync Aggregates, then click Continue
- See that an XSS is triggered and a pop up appears with your session cookie in it.
This vulnerability is capable of stored XSS.