Cacti Multiple HTML Injection Vulnerabilities Network Vulnerability

Summary

Cacti is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie- based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Cacti 0.8.7e is vulnerable other versions may be affected as well.

Solution

A patch is available. Please see the references for details.

References

http://cacti.net/
http://docs.cacti.net/#cross-site_scripting_fixes
http://www.securityfocus.com/bid/37109

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-4032
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
aeNovo Database Content Disclosure Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Advanced Image Hosting Cross Site Scripting Vulnerability
Adobe JRun Management Console Multiple Vulnerabilities

Take action and discover your vulnerabilities