Cross-site Scripting (XSS) - Stored in cacti/cacti

Valid

Reported on

Jan 1st 2022


Description

Hi there cacti maintainer team, I would like to report a stored XSS in the cacti source code. It is due to an unsanitized error message when synchronizing aggregates for a color.

Proof of Concept

  1. Install a cacti instance locally
  2. Go to Color and create a color with the name <img src=a onerror=alert(document.cookie)>
  3. Go back to the color list, click on a color and select the action Sync Aggregates, then click Continue
  4. See that an XSS is triggered and a pop-up appears with your session cookie in it.

Impact

This vulnerability is capable of stored XSS.

cacti/cacti maintainer
a month ago

Maintainer


Master branch is not really used, but I have tested this against the 1.2.X branch and it is valid.

cacti/cacti maintainer validated this vulnerability a month ago
M0rphling has been awarded the disclosure bounty
cacti/cacti maintainer
a month ago

Maintainer


Resolved in https://github.com/Cacti/cacti/commit/0c05f65273af61f444e216974f396210720e1135 (input is now sanitized).

Jimmy Conner confirmed that a fix has been merged on 0c05f6 a month ago
Jimmy Conner has been awarded the fix bounty
M0rphling
a month ago

Researcher


Thanks Jimmy Conner.
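
The pattern this report describes, a stored color name placed into an HTML message, shown beside an output-encoded version. This is an added example, not Cacti's code or the code from the fix commit; the function names, the message text and the sample rows are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored color records; the second
// name is the value used in the proof of concept above.
$colors = [
    ['id' => 1, 'name' => 'Dark Green', 'hex' => '006400'],
    ['id' => 2, 'name' => '<img src=a onerror=alert(document.cookie)>', 'hex' => 'FF0000'],
];

// Hypothetical "before": the stored name is concatenated into HTML unchanged,
// so markup saved by one user is parsed by the browser of whoever views it.
function render_sync_message_unsafe(array $color): string
{
    return '<p>Unable to sync aggregates for color <b>' . $color['name'] . '</b></p>';
}

// Encode at the point of output for the HTML context. ENT_QUOTES also covers
// quoted attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical "after": same template, stored value encoded before use.
function render_sync_message_safe(array $color): string
{
    return '<p>Unable to sync aggregates for color <b>' . e($color['name']) . '</b></p>';
}

// Regression check: after removing the tags the template itself emits,
// any remaining '<' means a stored value introduced markup.
function contains_injected_markup(string $html): bool
{
    $stripped = str_replace(['<p>', '</p>', '<b>', '</b>'], '', $html);
    return strpos($stripped, '<') !== false;
}

foreach ($colors as $color) {
    foreach (['unsafe' => 'render_sync_message_unsafe', 'safe' => 'render_sync_message_safe'] as $label => $fn) {
        $html = $fn($color);
        printf("%-6s id=%d injected=%s  %s\n", $label, $color['id'],
            contains_injected_markup($html) ? 'yes' : 'no', $html);
    }
}
```

Encoding where the value is written into HTML protects every page that displays the name, including names stored before any input-side filtering was added.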