Cacti Cross Site Scripting And HTML Injection Vulnerabilities Network Vulnerability

Summary

Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie- based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Versions prior to Cacti 0.8.7g are vulnerable.

Solution

Updates are available. Please see the references for more information.

References

http://cacti.net/
https://bugzilla.redhat.com/show_bug.cgi?id=459105
https://bugzilla.redhat.com/show_bug.cgi?id=459229
https://www.securityfocus.com/bid/42575

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2544, CVE-2010-2545
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Struts Cross Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

Cacti Cross Site Scripting and HTML Injection Vulnerabilities

Take action and discover your vulnerabilities