VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-2544

cacti: Cross-site scripting (XSS) vulnerability in utiliti...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2544

Original

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-08-23

Source Information Category:

Advisory, Alert

Last Updated:

2010-08-24

Affected Product Tags

cpe:/a:cacti:cacti:0.5:-

cpe:/a:cacti:cacti:0.6

cpe:/a:cacti:cacti:0.6.1

cpe:/a:cacti:cacti:0.6.2

cpe:/a:cacti:cacti:0.6.3

cpe:/a:cacti:cacti:0.6.4

cpe:/a:cacti:cacti:0.6.5

cpe:/a:cacti:cacti:0.6.6

cpe:/a:cacti:cacti:0.6.7

cpe:/a:cacti:cacti:0.6.8

cpe:/a:cacti:cacti:0.6.8a

cpe:/a:cacti:cacti:0.8

cpe:/a:cacti:cacti:0.8.1

cpe:/a:cacti:cacti:0.8.2

cpe:/a:cacti:cacti:0.8.2a

cpe:/a:cacti:cacti:0.8.3

cpe:/a:cacti:cacti:0.8.3a

cpe:/a:cacti:cacti:0.8.4

cpe:/a:cacti:cacti:0.8.5

cpe:/a:cacti:cacti:0.8.5a

cpe:/a:cacti:cacti:0.8.6

cpe:/a:cacti:cacti:0.8.6a

cpe:/a:cacti:cacti:0.8.6b

cpe:/a:cacti:cacti:0.8.6c

cpe:/a:cacti:cacti:0.8.6d

cpe:/a:cacti:cacti:0.8.6f

cpe:/a:cacti:cacti:0.8.6g

cpe:/a:cacti:cacti:0.8.6h

cpe:/a:cacti:cacti:0.8.6i

cpe:/a:cacti:cacti:0.8.6j

cpe:/a:cacti:cacti:0.8.6k

cpe:/a:cacti:cacti:0.8.7

cpe:/a:cacti:cacti:0.8.7a

cpe:/a:cacti:cacti:0.8.7b

cpe:/a:cacti:cacti:0.8.7c

cpe:/a:cacti:cacti:0.8.7d

cpe:/a:cacti:cacti:0.8.7e

cpe:/a:cacti:cacti:0.8.7f and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 42575

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=459105

CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6025

CONFIRM http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025

CONFIRM http://cacti.net/release_notes_0_8_7g.php

MLIST [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g

MLIST [oss-security] 20100722 Cacti XSS fixes in 0.8.7g

REDHAT RHSA-2010:0635

SECUNIA 41041

Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)

XF cacti-utilities-xss(61226)