Fortinet Discovers Cacti Cross-Site Scripting (XSS) Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in Cacti.
Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of these are wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.
The vulnerability exists due to insufficiently sanitizing user-supplied data in HTTP request sent to graphs.php so that remote attackers can exploit it to launch XSS attack. Successful exploitation of this vulnerability would allow injection and execution of arbitrary HTML and script code in the target user's browser in the security context of the affected Cacti.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Mar 19, 2015
Users should apply the solution provided by Cacti.
This is a stored cross-site scripting vulnerability. Only "View Graphs" and "Update Graphs" permissions are required to exploit it.
This vulnerability was discovered by Honggang Ren of Fortinet's FortiGuard Labs.