VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-2545
cacti: Multiple cross-site scripting (XSS) vulnerabilities...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2545

Original

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php,...

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-08-23
Source Information Category:
Advisory, Alert
Last Updated:
2010-08-24




Affected Product Tags
cpe:/a:cacti:cacti:0.5:-
cpe:/a:cacti:cacti:0.6
cpe:/a:cacti:cacti:0.6.1
cpe:/a:cacti:cacti:0.6.2
cpe:/a:cacti:cacti:0.6.3
cpe:/a:cacti:cacti:0.6.4
cpe:/a:cacti:cacti:0.6.5
cpe:/a:cacti:cacti:0.6.6
cpe:/a:cacti:cacti:0.6.7
cpe:/a:cacti:cacti:0.6.8
cpe:/a:cacti:cacti:0.6.8a
cpe:/a:cacti:cacti:0.8
cpe:/a:cacti:cacti:0.8.1
cpe:/a:cacti:cacti:0.8.2
cpe:/a:cacti:cacti:0.8.2a
cpe:/a:cacti:cacti:0.8.3
cpe:/a:cacti:cacti:0.8.3a
cpe:/a:cacti:cacti:0.8.4
cpe:/a:cacti:cacti:0.8.5
cpe:/a:cacti:cacti:0.8.5a
cpe:/a:cacti:cacti:0.8.6
cpe:/a:cacti:cacti:0.8.6a
cpe:/a:cacti:cacti:0.8.6b
cpe:/a:cacti:cacti:0.8.6c
cpe:/a:cacti:cacti:0.8.6d
cpe:/a:cacti:cacti:0.8.6f
cpe:/a:cacti:cacti:0.8.6g
cpe:/a:cacti:cacti:0.8.6h
cpe:/a:cacti:cacti:0.8.6i
cpe:/a:cacti:cacti:0.8.6j
cpe:/a:cacti:cacti:0.8.6k
cpe:/a:cacti:cacti:0.8.7
cpe:/a:cacti:cacti:0.8.7a
cpe:/a:cacti:cacti:0.8.7b
cpe:/a:cacti:cacti:0.8.7c
cpe:/a:cacti:cacti:0.8.7d
cpe:/a:cacti:cacti:0.8.7e
cpe:/a:cacti:cacti:0.8.7f and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
BID 42575




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=459229




CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6042




CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6041




CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6038




CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6037




CONFIRM http://cacti.net/release_notes_0_8_7g.php




MLIST [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g




MLIST [oss-security] 20100722 Cacti XSS fixes in 0.8.7g




REDHAT RHSA-2010:0635




SECUNIA 41041




Vulnerability Type Cross-Site Scripting (XSS) (CWE-79)




Copyright © 2010 JPCERT/CC All Rights Reserved.