Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2010-2545
Last Modified 15 Feb 2012 11:05:03
Published 23 Aug 2010 06:00:03
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2010-2545

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.

Vulnerable Systems

Application

  • Cacti 0.5

  • Cacti 0.6

  • Cacti 0.6.1

  • Cacti 0.6.2

  • Cacti 0.6.3

  • Cacti 0.6.4

  • Cacti 0.6.5

  • Cacti 0.6.6

  • Cacti 0.6.7

  • Cacti 0.6.8

  • Cacti 0.6.8a

  • Cacti 0.8

  • Cacti 0.8.1

  • Cacti 0.8.2

  • Cacti 0.8.2a

  • Cacti 0.8.3

  • Cacti 0.8.3a

  • Cacti 0.8.4

  • Cacti 0.8.5

  • Cacti 0.8.5a

  • Cacti 0.8.6

  • Cacti 0.8.6a

  • Cacti 0.8.6b

  • Cacti 0.8.6c

  • Cacti 0.8.6d

  • Cacti 0.8.6f

  • Cacti 0.8.6g

  • Cacti 0.8.6h

  • Cacti 0.8.6i

  • Cacti 0.8.6j

  • Cacti 0.8.6k

  • Cacti 0.8.7

  • Cacti 0.8.7a

  • Cacti 0.8.7b

  • Cacti 0.8.7c

  • Cacti 0.8.7d

  • Cacti 0.8.7e

  • Cacti 0.8.7f


References

REDHAT - RHSA-2010:0635

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=459229

BID - 42575

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6042

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6041

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6038

CONFIRM - http://svn.cacti.net/viewvc?view=rev&revision=6037

SECUNIA - 41041

MLIST - [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g

MLIST - [oss-security] 20100722 Cacti XSS fixes in 0.8.7g

CONFIRM - http://cacti.net/release_notes_0_8_7g.php

XF - cacti-templatesimport-xss(61227)

VUPEN - ADV-2010-2132

MANDRIVA - MDVSA-2010:160


Last Updated: 27 May 2016 10:58:16