CVE-2009-4032

Published: 29/11/2009 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 440
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

Vulnerable Product

cacti cacti 0.8.7e

Vendor Advisories

Debian Bug report logs - #582691 Multiple security vulnerabilities in upstream package Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Rainbow Warrior <rnbwpnt@gmail.com> Date: Sat, 22 May 2010 20:15:0 ...
Debian Bug report logs - #561338 CVE-2009-4032: multiple XSS issues Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Source for cacti is src:cacti (PTS, buildd, popcon) Reported by: Steffen Joeris <steffenjoeris@skolelinux.de> Date: Wed, 16 Dec 2009 11:33:02 UTC Se ...
Several vulnerabilities have been found in cacti, a frontend to rrdtool for monitoring systems and services. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-3112, CVE-2007-3113 It was discovered that cacti is prone to a denial of service via the graph_height, graph_width, graph_start and graph_end param ...

Exploits

Cacti versions 0.8.7e and below suffer from cross-site scripting and privilege escalation vulnerabilities ...
Moritz Naumann <security@moritz-naumann.com> cacti: www.cacti.net/ ================================================================= Cacti 0.8.7e and earlier versions are affected by multiple security issues. Issues 1-4 are cross site scripting issues, issue 5 is a privilege escalation issue. 1 XSS 1 A HTTP GET request against ...
source: www.securityfocus.com/bid/37109/info Cacti is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allo ...