Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2010-2544
Last Modified 15 Feb 2012 11:05:03
Published 23 Aug 2010 06:00:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-2544

Summary

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f


References

REDHAT - RHSA-2010:0635

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=459105

XF - cacti-utilities-xss(61226)

BID - 42575

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6025

CONFIRM - http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025

SECUNIA - 41041

MLIST - [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g

MLIST - [oss-security] 20100722 Cacti XSS fixes in 0.8.7g

CONFIRM - http://cacti.net/release_notes_0_8_7g.php

VUPEN - ADV-2010-2132

MANDRIVA - MDVSA-2010:160


Last Updated: 27 May 2016 10:58:16