Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2009-4032

Source

Debian Bug report logs - #561338
CVE-2009-4032: multiple XSS issues

Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Source for cacti is src:cacti (PTS, buildd, popcon).

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Wed, 16 Dec 2009 11:33:02 UTC

Severity: grave

Tags: patch, security

Fixed in version 0.8.7e-1.1

Done: Steffen Joeris <steffen.joeris@skolelinux.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sean Finney <seanius@debian.org>:
Bug#561338; Package cacti. (Wed, 16 Dec 2009 11:33:05 GMT) (full text, mbox, link).

Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sean Finney <seanius@debian.org>. (Wed, 16 Dec 2009 11:33:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Package: cacti
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cacti.

CVE-2009-4032[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e
| allow remote attackers to inject arbitrary web script or HTML via
| vectors related to (1) graph.php, (2) include/top_graph_header.php,
| (3) lib/html_form.php, and (4) lib/timespan_settings.php, as
| demonstrated by the (a) graph_end or (b) graph_start parameters to
| graph.php; (c) the date1 parameter in a tree action to graph_view.php;
| and the (d) page_refresh and (e) default_dual_pane_width parameters to
| graph_settings.php.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Uploaded NMU patch attached.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4032
    http://security-tracker.debian.org/tracker/CVE-2009-4032

[nmu.patch (text/x-diff, attachment)]

Reply sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
You have taken responsibility. (Wed, 16 Dec 2009 11:51:04 GMT) (full text, mbox, link).

Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer. (Wed, 16 Dec 2009 11:51:04 GMT) (full text, mbox, link).

Message #10 received at 561338-done@bugs.debian.org (full text, mbox, reply):

Version: 0.8.7e-1.1

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 21 Jan 2010 07:32:26 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:50:37 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-4032: multiple XSS issues

Debian Bug report logs - #561338
CVE-2009-4032: multiple XSS issues

Vulmon Search

About

Products

Connect

CVE-2009-4032: multiple XSS issues

Debian Bug report logs - #561338 CVE-2009-4032: multiple XSS issues

Vulmon Search

About

Products

Connect

Debian Bug report logs - #561338
CVE-2009-4032: multiple XSS issues