Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2010-2543
Last Modified 15 Feb 2012 11:05:03
Published 23 Aug 2010 06:00:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-2543

Summary

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=541279

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6025

CONFIRM - http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024

MLIST - [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g

MLIST - [oss-security] 20100722 Cacti XSS fixes in 0.8.7g

CONFIRM - http://cacti.net/release_notes_0_8_7g.php

MANDRIVA - MDVSA-2010:160


Last Updated: 27 May 2016 10:58:16