Cross-site Scripting (XSS) - Stored in cacti/cacti

Valid

Reported on

Jan 1st 2022


Description

Hi there cacti maintainer team, I would like to report a stored XSS in the cacti source code. It is due to an unsanitized error message in synchronizing aggregates for color.

Proof of Concept

  1. Install a cacti instance locally
  2. Go to Color and create a color with name <img src=a onerror=alert(document.cookie)>
  3. Go back to the color list, click on a color and select the action Sync Aggregates, then click Continue
  4. See that an XSS is triggered and a pop-up appears with your session cookie in it.

Impact

This vulnerability is capable of stored XSS.
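
The pattern behind this report, as an added example that is not part of the original report and is not Cacti's code: a stored color name concatenated into an HTML message, next to the same message with the name encoded at output. The function names, message wording and sample rows are assumptions made for illustration.

```php
<?php
// Added illustration, not Cacti source. Function names and the message
// wording are hypothetical; the row data below is constructed.

$colors = [
    ['id' => 1, 'name' => 'Dark Red'],
    // The name from step 2 of the proof of concept, as stored in the database.
    ['id' => 2, 'name' => '<img src=a onerror=alert(document.cookie)>'],
];

// Vulnerable pattern: a stored value is concatenated into HTML unchanged.
function sync_message_unsafe(array $color): string
{
    return '<p class="error">Sync failed for color "' . $color['name'] . '"</p>';
}

// Encode for the HTML context at the point of output. ENT_QUOTES also
// covers values that end up inside quoted attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function sync_message_safe(array $color): string
{
    return '<p class="error">Sync failed for color "' . h($color['name']) . '"</p>';
}

// Regression check: the template itself contributes exactly two "<"
// characters (<p ...> and </p>); any more means stored data became markup.
function introduces_markup(string $html): bool
{
    return substr_count($html, '<') !== 2;
}

foreach ($colors as $color) {
    printf(
        "id=%d unsafe_markup=%s safe_markup=%s\n",
        $color['id'],
        var_export(introduces_markup(sync_message_unsafe($color)), true),
        var_export(introduces_markup(sync_message_safe($color)), true)
    );
}
```

Encoding at the point of output rather than at input keeps the stored name intact for non-HTML consumers and covers every page that renders it.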

We are processing your report and will contact the cacti team within 24 hours. (a year ago)
We have contacted a member of the cacti team and are waiting to hear back. (a year ago)
cacti/cacti maintainer
a year ago

Master branch is not really used, but I have tested this against the 1.2.X branch and it is valid.

cacti/cacti maintainer validated this vulnerability a year ago
M0rphling has been awarded the disclosure bounty
The fix bounty is now up for grabs
cacti/cacti maintainer
a year ago

Resolved in https://github.com/Cacti/cacti/commit/0c05f65273af61f444e216974f396210720e1135 - input is now sanitized.

Jimmy Conner marked this as fixed in 1.2.20 with commit 0c05f6 a year ago
Jimmy Conner has been awarded the fix bounty
This vulnerability will not receive a CVE
M0rphling
a year ago

Researcher


Thanks Jimmy Conner.
