Lucene search

[email protected]CVE-2014-4002

HistoryJul 03, 2014 - 2:55 p.m.

CVE-2014-4002

2014-07-0314:55:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-4002

xss

cacti 0.8.8b

cross-site scripting

nvd

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.

CPENameOperatorVersion
opensuse:opensuseopensuseeq13.1
opensuse:opensuseopensuseeq13.2
cacti:cacticactieq0.8.8b

CPE	Name	Operator	Version
opensuse:opensuse	opensuse	eq	13.1
opensuse:opensuse	opensuse	eq	13.2
cacti:cacti	cacti	eq	0.8.8b

References

lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

secunia.com/advisories/59203

secunia.com/advisories/59517

svn.cacti.net/viewvc?view=rev&revision=7451

svn.cacti.net/viewvc?view=rev&revision=7452

www.debian.org/security/2014/dsa-2970

www.securityfocus.com/bid/68257

security.gentoo.org/glsa/201509-03

5.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

Related for CVE-2014-4002

prion1 openvas10 nessus9 osv2 ubuntucve1 amazon1 debiancve1 fedora2 debian4 mageia1 securityvulns2 freebsd1 gentoo1