Lucene search
Marc SchoenefeldEDB-ID:34504HistoryAug 19, 2010 - 12:00 a.m.
Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php?Filter' Cross-Site Scripting
2010-08-1900:00:00
Marc Schoenefeld
www.exploit-db.com
20
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/42575/info
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Versions prior to Cacti 0.8.7g are vulnerable.
http://www.example.com/cacti/utilities.php?tail_lines=50&message_type=-1&go.x=10&go.y=9&refresh=20&reverse=1&filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&page=1&action=view_logfileRelated
prion
prion
Cross site scripting
2010-08-23 22:00:00
cvelist
cvelist
CVE-2010-2544
2010-08-23 20:00:00
checkpoint_advisories
checkpoint_advisories
Cacti utilities.php Cross-Site Scripting (CVE-2010-2544)
2020-10-28 00:00:00
debiancve
debiancve
CVE-2010-2544
2010-08-23 22:00:03
ubuntucve
ubuntucve
CVE-2010-2544
2010-08-23 00:00:00
cve
cve
CVE-2010-2544
2010-08-23 22:00:03
nvd
nvd
CVE-2010-2544
2010-08-23 22:00:03
veracode
veracode
Cross-Site Scripting (XSS)
2020-04-10 00:46:59
nessus
nessus
Cacti < 0.8.7g Multiple XSS and HTML Injection Vulnerabilities
2012-01-20 00:00:00
GLSA-201401-20 : Cacti: Multiple vulnerabilities
2014-01-22 00:00:00
openvas
openvas
Cacti Cross Site Scripting and HTML Injection Vulnerabilities
2010-08-30 00:00:00
Cacti Cross Site Scripting and HTML Injection Vulnerabilities
2010-08-30 00:00:00
Mandriva Update for cacti MDVSA-2010:160 (cacti)
2010-08-30 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2014-01-21 00:00:00