Vulnerability CVE-2010-2543


Published: 2010-08-23   Modified: 2012-02-13

Description:
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

See advisories in our WLB2 database:
Topic: Cacti 0.8.7g XSS (Low)
Author: Tomas Hoger
Date: 26.08.2010

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software: Cacti -> Cacti

References:
https://bugzilla.redhat.com/show_bug.cgi?id=541279
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://svn.cacti.net/viewvc?view=rev&revision=6025
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://cacti.net/release_notes_0_8_7g.php

Copyright 2024, cxsecurity.com