CVE-2025-45160 - HTML Injection in Cacti Authenticated Template Upload

Description:
An HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. Attackers can inject arbitrary HTML elements (e.g., , , ) into the rendered page.

Proof of Concept:
1. Log in to the application.
2. Navigate to the file upload interface.
3. Upload a file with invalid content (the file content may be empty) and provide the following filename: .
4. Upon submission, the application displays a popup error that includes the unsanitized filename.
5. The tag is rendered in the popup, altering the layout and potentially misleading the user.

Impact:
While this does not allow JavaScript execution (i.e., no XSS), it constitutes an HTML injection vulnerability that could be used to alter the DOM, perform UI redressing, or launch social engineering attacks.

Affected Component:
- Authenticated Template File Upload Endpoint
- Error Handling
- Vulnerable Parameter:

Vulnerability Type: HTML Injection

Affected Product:
- Cacti
- Versions: <= 1.2.29
- Vendor: https://github.com/Cacti/cacti

Discoverer: Dogus Demirkiran

Reference:
- http://cacti.com
- https://github.com/Cacti/cacti
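The root cause described above is a filename reflected into an HTML error message without output encoding. The following is an added illustration, not Cacti's own code: a vulnerable message builder next to a hardened one; the function names, the popup markup and the sample filename are all assumptions made for this example.

```php
<?php
// Added example (not Cacti's code): a user-supplied filename reflected into
// an upload error popup, in its vulnerable form and in a hardened form.

// Vulnerable pattern: the filename is concatenated straight into HTML, so
// any markup it contains becomes part of the rendered DOM.
function upload_error_vulnerable(string $filename): string
{
    return '<div class="popup">Invalid template file: ' . $filename . '</div>';
}

// Hardened pattern: encode for an HTML text context before reflecting.
// ENT_QUOTES also encodes single quotes; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of making htmlspecialchars() return an empty string.
function upload_error_safe(string $filename): string
{
    $escaped = htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="popup">Invalid template file: ' . $escaped . '</div>';
}

// Defence in depth: reflect only the base name, truncated to a sane length,
// so a long or path-like filename cannot distort the popup layout.
function display_name(string $filename, int $max = 64): string
{
    $name = basename($filename);
    return strlen($name) > $max ? substr($name, 0, $max) . '...' : $name;
}

// Constructed sample filename containing markup (hypothetical test input).
$sample = '<b>template</b>.xml';

echo upload_error_vulnerable($sample), PHP_EOL; // the <b> element is rendered
echo upload_error_safe(display_name($sample)), PHP_EOL; // shown literally as &lt;b&gt;...
```

The same encoding step must be applied at every point where the filename is echoed, including JavaScript-driven popups that insert the message into the page via innerHTML.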