CVE-2009-4032
Published 2009-11-29

Priority: P4 · 23 · medium · CVSS 2.0 base score 4.3 (vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Exploit: EPSS 5.74% (percentile 92.1)

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.
Affected
48 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 0.8.7f | — |
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | LOW | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |
GHSA
GHSA-h2p8-mfhp-r2rg: Cross-site scripting (XSS) vulnerability in include/top_graph_header
ghsa_unreviewed · 2022-05-17 · CVSS 4.3 · CVE-2010-2543 [MEDIUM] · CWE-79
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
GHSA
GHSA-2chx-2wx9-x7f6: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0
ghsa_unreviewed · 2022-05-02 · CVE-2009-4032 [MEDIUM] · CWE-79
Description: identical to the CVE-2009-4032 summary at the top of this page.
OSV
CVE-2010-2543: Cross-site scripting (XSS) vulnerability in include/top_graph_header
osv · 2010-08-23 · CVSS 4.3 · CVE-2010-2543 [MEDIUM]
Description: identical to the GHSA-h2p8-mfhp-r2rg entry above (XSS via the graph_start parameter to graph.php in Cacti before 0.8.7g, caused by an incorrect fix for CVE-2009-4032.2.b).
OSV
CVE-2009-4032: Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0
osv · 2009-11-29 · CVSS 4.3 · CVE-2009-4032 [MEDIUM]
Description: identical to the CVE-2009-4032 summary at the top of this page.
Debian
CVE-2010-2543: cacti - Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cact...
vendor_debian · 2010 · CVSS 4.3 · CVE-2010-2543 [MEDIUM]
Description: identical to the GHSA-h2p8-mfhp-r2rg entry above (XSS via the graph_start parameter to graph.php in Cacti before 0.8.7g, caused by an incorrect fix for CVE-2009-4032.2.b).
Scope: local
Status by release:
- bookworm: resolved (fixed in 0.8.7g-1)
- bullseye: resolved (fixed in 0.8.7g-1)
- forky: resolved (fixed in 0.8.7g-1)
- sid: resolved (fixed in 0.8.7g-1)
- trixie: resolved (fixed in 0.8.7g-1)
Red Hat
cacti: Multiple cross-site scripting flaws
vendor_redhat · 2009-11-21 · CVSS 4.3 · CVE-2009-4032 [MEDIUM] · CWE-79
Description: identical to the CVE-2009-4032 summary at the top of this page.
Red Hat
cacti: Multiple cross-site scripting flaws
vendor_redhat · 2009-11-21 · CVSS 4.3 · CVE-2010-2543 [MEDIUM] · CWE-79
Description: identical to the GHSA-h2p8-mfhp-r2rg entry above (XSS via the graph_start parameter to graph.php in Cacti before 0.8.7g, caused by an incorrect fix for CVE-2009-4032.2.b).
Debian
CVE-2009-4032: cacti - Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote...
vendor_debian · 2009 · CVSS 4.3 · CVE-2009-4032 [MEDIUM]
Description: identical to the CVE-2009-4032 summary at the top of this page.
Scope: local
Status by release:
- bookworm: resolved (fixed in 0.8.7e-1.1)
- bullseye: resolved (fixed in 0.8.7e-1.1)
- forky: resolved (fixed in 0.8.7e-1.1)
- sid: resolved (fixed in 0.8.7e-1.1)
- trixie: resolved (fixed in 0.8.7e-1.1)
No detection rules found.
Exploit-DB
Cacti 0.8.7e - Multiple Vulnerabilities
exploitdb · 2009-11-26 · CVE-2010-2543
---
Moritz Naumann
cacti:
http://www.cacti.net/
Cacti 0.8.7e and earlier versions are affected by multiple security issues. Issues 1-4 are cross-site scripting issues, issue 5 is a privilege escalation issue.
1. XSS 1
An HTTP GET request against the following URL will, on a web browser with Javascript support, cause a dialog box saying '1' to be displayed:
http://CACTIHOST/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
This vulnerability is only exploitable if the victim is allowed to view graphs. This will be true if the victim has previously authenticated against Cacti or if both the guest user has been activated (default: disabled) and the graph view permissi
Exploit-DB
Cacti 0.8.x - 'graph.php' Multiple Cross-Site Scripting Vulnerabilities
exploitdb · 2009-11-21 · CVE-2009-4032
---
source: https://www.securityfocus.com/bid/37109/info
Cacti is prone to multiple cross-site-scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Versions prior to Cacti 0.8.7g are vulnerable.
http://www.example.com/graph.php?action=zoom&local_graph_id=1&graph_end=1%27%20style=visibility:hidden%3E%3Cscript%3Ealert(1)%3C/script%3E%3Cx%20y=%27
http://www.example
References
- http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html
- http://bugs.gentoo.org/show_bug.cgi?id=294573
- http://docs.cacti.net/#cross-site_scripting_fixes
- http://jvn.jp/en/jp/JVN09758120/index.html
- http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html
- http://secunia.com/advisories/37481
- http://secunia.com/advisories/37934
- http://secunia.com/advisories/38087
- http://secunia.com/advisories/41041
- http://www.cacti.net/download_patches.php
- http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
- http://www.openwall.com/lists/oss-security/2009/11/25/2
- http://www.openwall.com/lists/oss-security/2009/11/25/4
- http://www.openwall.com/lists/oss-security/2009/11/26/1
- http://www.openwall.com/lists/oss-security/2009/11/30/2
- http://www.osvdb.org/60483
- http://www.securityfocus.com/archive/1/508129/100/0/threaded
- http://www.securityfocus.com/bid/37109
- http://www.vupen.com/english/advisories/2009/3325
- http://www.vupen.com/english/advisories/2010/2132
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54388
- https://rhn.redhat.com/errata/RHSA-2010-0635.html
- https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html
- https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html