Web application abuses : Cacti Cross Site Scripting and HTML Injection Vulnerabilities

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.100764

Categoría: Web application abuses

Título: Cacti Cross Site Scripting and HTML Injection Vulnerabilities

Resumen: Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities;because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Descripción: Summary:
Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities
because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Vulnerability Impact:
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the
attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user.
Other attacks are also possible.

Affected Software/OS:
Versions prior to Cacti 0.8.7g are vulnerable.

Solution:
Updates are available. Please see the references for more information.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2543
MDVSA-2010:160
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
[oss-security] 20100722 Cacti XSS fixes in 0.8.7g
http://marc.info/?l=oss-security&m=127978954522586&w=2
[oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://cacti.net/release_notes_0_8_7g.php
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://svn.cacti.net/viewvc?view=rev&revision=6025
https://bugzilla.redhat.com/show_bug.cgi?id=541279
Common Vulnerability Exposure (CVE) ID: CVE-2010-2544
41041
http://secunia.com/advisories/41041
42575
http://www.securityfocus.com/bid/42575
ADV-2010-2132
http://www.vupen.com/english/advisories/2010/2132
RHSA-2010:0635
https://rhn.redhat.com/errata/RHSA-2010-0635.html
cacti-utilities-xss(61226)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61226
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025
https://bugzilla.redhat.com/show_bug.cgi?id=459105
Common Vulnerability Exposure (CVE) ID: CVE-2010-2545
cacti-templatesimport-xss(61227)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61227
http://svn.cacti.net/viewvc?view=rev&revision=6037
http://svn.cacti.net/viewvc?view=rev&revision=6038
http://svn.cacti.net/viewvc?view=rev&revision=6041
http://svn.cacti.net/viewvc?view=rev&revision=6042
https://bugzilla.redhat.com/show_bug.cgi?id=459229

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.100764
Categoría:	Web application abuses
Título:	Cacti Cross Site Scripting and HTML Injection Vulnerabilities
Resumen:	Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities;because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Descripción:	Summary: Cacti is prone to cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Vulnerability Impact: Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Affected Software/OS: Versions prior to Cacti 0.8.7g are vulnerable. Solution: Updates are available. Please see the references for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2543 MDVSA-2010:160 http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 [oss-security] 20100722 Cacti XSS fixes in 0.8.7g http://marc.info/?l=oss-security&m=127978954522586&w=2 [oss-security] 20100726 Re: Cacti XSS fixes in 0.8.7g http://marc.info/?l=oss-security&m=128017203704299&w=2 http://cacti.net/release_notes_0_8_7g.php http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024 http://svn.cacti.net/viewvc?view=rev&revision=6025 https://bugzilla.redhat.com/show_bug.cgi?id=541279 Common Vulnerability Exposure (CVE) ID: CVE-2010-2544 41041 http://secunia.com/advisories/41041 42575 http://www.securityfocus.com/bid/42575 ADV-2010-2132 http://www.vupen.com/english/advisories/2010/2132 RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html cacti-utilities-xss(61226) https://exchange.xforce.ibmcloud.com/vulnerabilities/61226 http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025 https://bugzilla.redhat.com/show_bug.cgi?id=459105 Common Vulnerability Exposure (CVE) ID: CVE-2010-2545 cacti-templatesimport-xss(61227) https://exchange.xforce.ibmcloud.com/vulnerabilities/61227 http://svn.cacti.net/viewvc?view=rev&revision=6037 http://svn.cacti.net/viewvc?view=rev&revision=6038 http://svn.cacti.net/viewvc?view=rev&revision=6041 http://svn.cacti.net/viewvc?view=rev&revision=6042 https://bugzilla.redhat.com/show_bug.cgi?id=459229
Copyright	Copyright (C) 2010 Greenbone Networks GmbH