Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote malicious users to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cacti cacti 0.8 |
||
cacti cacti 0.8.1 |
||
cacti cacti 0.8.5a |
||
cacti cacti 0.8.6c |
||
cacti cacti 0.6.7 |
||
cacti cacti 0.8.4 |
||
cacti cacti 0.8.5 |
||
cacti cacti 0.8.7a |
||
cacti cacti 0.8.2 |
||
cacti cacti 0.8.2a |
||
cacti cacti 0.8.6f |
||
cacti cacti 0.8.6i |
||
cacti cacti 0.8.3 |
||
cacti cacti 0.8.3a |
||
cacti cacti 0.8.6j |
||
cacti cacti 0.8.7 |