Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.3
CVE Id: CVE-2010-1644
Last Modified: 15 Feb 2012 11:03:13
Published: 23 Aug 2010 06:00:02
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2010-1644

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e


References

VUPEN - ADV-2010-1203

REDHAT - RHSA-2010:0635

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=609093

BID - 40332

BUGTRAQ - 20100521 Cacti Multiple Parameter Cross Site Scripting Vulnerabilities

CONFIRM - http://www.cacti.net/release_notes_0_8_7f.php

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=5901

SECUNIA - 41041

VUPEN - ADV-2010-2132

MANDRIVA - MDVSA-2010:160


Last Updated: 27 May 2016 10:58:16