VYPR
Medium severity6.1OSV Advisory· Published May 14, 2024· Updated Apr 15, 2026

CVE-2024-30268

CVE-2024-30268

Description

Cacti provides an operational monitoring and fault management framework. A reflected cross-site scripting vulnerability on the 1.3.x DEV branch allows attackers to obtain cookies of administrator and other users and fake their login using obtained cookies. This issue is fixed in commit a38b9046e9772612fda847b46308f9391a49891e.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Cacti (software)/CactiOSV2 versions
    releaes/1.2.19, release/1.0.0, release/1.0.1, …+ 1 more
    • (no CPE)range: releaes/1.2.19, release/1.0.0, release/1.0.1, …
    • (no CPE)range: 1.3.x DEV branch

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.