FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-4032

This CVE name corresponds to:

Entered Topic
2009-11-23 cacti -- cross-site scripting issues

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-4032 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-4032
Phase Assigned(20091120)

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

References

Source Reference
BUGTRAQ 20091126 Cacti 0.8.7e: Multiple security issues
FULLDISC 20091125 Cacti 0.8.7e: Multiple security issues
MLIST [oss-security] 20091125 CVE Request - Cacti - 0.8.7e
MLIST [oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e
MLIST [oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e
MLIST [oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=294573
CONFIRM http://docs.cacti.net/#cross-site_scripting_fixes
CONFIRM http://www.cacti.net/download_patches.php
CONFIRM http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
FEDORA FEDORA-2009-12575
FEDORA FEDORA-2009-12560
REDHAT RHSA-2010:0635
BID 37109
OSVDB 60483
SECUNIA 37481
SECUNIA 37934
SECUNIA 38087
SECUNIA 41041
VUPEN ADV-2009-3325
VUPEN ADV-2010-2132
XF cacti-name-xss(54388)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.