4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
cacti is vulnerable to cross-site scripting. Multiple cross-site scripting (XSS) flaws were discovered in Cacti. An unauthenticated, or authenticated user with certain administrative privileges, could perform an XSS attack against victims viewing Cacti web pages.
CPE | Name | Operator | Version |
---|---|---|---|
python-psycopg2 | eq | 2.0.6__1.el5ipa | |
python-psycopg2 | eq | 2.0.6__1.el5ipa |
archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
bugs.gentoo.org/show_bug.cgi?id=294573
docs.cacti.net/#cross-site_scripting_fixes
jvn.jp/en/jp/JVN09758120/index.html
jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html
secunia.com/advisories/37481
secunia.com/advisories/37934
secunia.com/advisories/38087
secunia.com/advisories/41041
www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
www.cacti.net/download_patches.php
www.openwall.com/lists/oss-security/2009/11/25/2
www.openwall.com/lists/oss-security/2009/11/25/4
www.openwall.com/lists/oss-security/2009/11/26/1
www.openwall.com/lists/oss-security/2009/11/30/2
www.osvdb.org/60483
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/archive/1/508129/100/0/threaded
www.securityfocus.com/bid/37109
www.vupen.com/english/advisories/2009/3325
www.vupen.com/english/advisories/2010/2132
access.redhat.com/errata/RHSA-2010:0635
access.redhat.com/security/cve/CVE-2009-4032
bugzilla.redhat.com/show_bug.cgi?id=541279
exchange.xforce.ibmcloud.com/vulnerabilities/54388
rhn.redhat.com/errata/RHSA-2010-0635.html
www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html
www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html