CVE-2014-4002

Published: 03/07/2014 Updated: 30/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote malicious users to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.

Vulnerable Product

opensuse opensuse 13.1

opensuse opensuse 13.2

cacti cacti 0.8.8b

Vendor Advisories

Debian Bug report logs - #752573 cacti: CVE-2014-4002 Cross-Site Scripting Vulnerability. Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Source for cacti is src:cacti (PTS, buildd, popcon). Reported by: Paul Gevers <elbrus@debian.org>. Date: Tue, 24 Jun 2014 19:57:06 ...

Debian Bug report logs - #742768 cacti: CVE-2014-2326 CVE-2014-2327 CVE-2014-2328. Package: cacti; Maintainer for cacti is Cacti Maintainer <pkg-cacti-maint@lists.alioth.debian.org>; Source for cacti is src:cacti (PTS, buildd, popcon). Reported by: Moritz Muehlenhoff <jmm@inutil.org>. Date: Thu, 27 Mar 2014 07:03:01 UTC ...

Multiple security issues (cross-site scripting, cross-site request forgery, SQL injections, missing input sanitising) have been found in Cacti, a web frontend for RRDTool. For the stable distribution (wheezy), these problems have been fixed in version 0.8.8a+dfsg-5+deb7u3. For the testing distribution (jessie), these problems have been fixed in ver ...

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or th ...