
Test ID: 1.3.6.1.4.1.25623.1.0.100361
Category: Web application abuses
Title: Cacti Multiple HTML Injection Vulnerabilities
Summary: Cacti is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Description:
Summary:
Cacti is prone to multiple HTML-injection vulnerabilities because it fails to
properly sanitize user-supplied input before using it in dynamically generated content.

Vulnerability Impact:
Attacker-supplied HTML and script code would run in the context of the affected
browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the
site is rendered to the user. Other attacks are also possible.

Affected Software/OS:
Cacti 0.8.7e is vulnerable. Other versions may be affected as well.

Solution:
A patch is available. Please see the references for details.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-4032
20091125 Cacti 0.8.7e: Multiple security issues
http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
20091126 Cacti 0.8.7e: Multiple security issues
http://www.securityfocus.com/archive/1/508129/100/0/threaded
37109
http://www.securityfocus.com/bid/37109
37481
http://secunia.com/advisories/37481
37934
http://secunia.com/advisories/37934
38087
http://secunia.com/advisories/38087
41041
http://secunia.com/advisories/41041
60483
http://www.osvdb.org/60483
ADV-2009-3325
http://www.vupen.com/english/advisories/2009/3325
ADV-2010-2132
http://www.vupen.com/english/advisories/2010/2132
FEDORA-2009-12560
https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html
FEDORA-2009-12575
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html
JVN#09758120
http://jvn.jp/en/jp/JVN09758120/index.html
JVNDB-2009-003901
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html
RHSA-2010:0635
https://rhn.redhat.com/errata/RHSA-2010-0635.html
[oss-security] 20091125 CVE Request - Cacti - 0.8.7e
http://www.openwall.com/lists/oss-security/2009/11/25/2
[oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e
http://www.openwall.com/lists/oss-security/2009/11/25/4
[oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e
http://www.openwall.com/lists/oss-security/2009/11/26/1
[oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e
http://www.openwall.com/lists/oss-security/2009/11/30/2
cacti-name-xss(54388)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54388
http://bugs.gentoo.org/show_bug.cgi?id=294573
http://docs.cacti.net/#cross-site_scripting_fixes
http://www.cacti.net/download_patches.php
http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
Copyright: Copyright (C) 2009 Greenbone Networks GmbH





© 1998-2025 E-Soft Inc. All rights reserved.