Lucene search

[email protected]CVE-2009-4032

HistoryNov 29, 2009 - 1:07 p.m.

CVE-2009-4032

2009-11-2913:07:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-4032

cacti

xss

cross-site scripting

security vulnerabilities

web script

html injection

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; © the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

CPENameOperatorVersion
cacti:cacticactieq0.8.7e

CPE	Name	Operator	Version
cacti:cacti	cacti	eq	0.8.7e

References

archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html

bugs.gentoo.org/show_bug.cgi?id=294573

docs.cacti.net/#cross-site_scripting_fixes

jvn.jp/en/jp/JVN09758120/index.html

jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html

secunia.com/advisories/37481

secunia.com/advisories/37934

secunia.com/advisories/38087

secunia.com/advisories/41041

www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch

www.cacti.net/download_patches.php

www.openwall.com/lists/oss-security/2009/11/25/2

www.openwall.com/lists/oss-security/2009/11/25/4

www.openwall.com/lists/oss-security/2009/11/26/1

www.openwall.com/lists/oss-security/2009/11/30/2

www.osvdb.org/60483

www.securityfocus.com/archive/1/508129/100/0/threaded

www.securityfocus.com/bid/37109

www.vupen.com/english/advisories/2009/3325

www.vupen.com/english/advisories/2010/2132

exchange.xforce.ibmcloud.com/vulnerabilities/54388

rhn.redhat.com/errata/RHSA-2010-0635.html

www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html

www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.023 Low

EPSS

Percentile

89.5%

JSON

Related for CVE-2009-4032

nessus5 openvas12 fedora2 jvn1 securityvulns2 exploitpack1 debiancve2 ubuntucve2 seebug2 freebsd1 packetstorm1 prion2 veracode1 cve1 exploitdb1 osv1 debian1