CVE-2010-1644 — Cross-site Scripting in Cacti

CWE-79 — Cross-site Scripting7 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

2.0%

top 16.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cacti Debian Cacti

Timeline

PublishedAug 23

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7g-1 (bookworm)

▶Debiancacti/cacti< 0.8.7g-1+3

▶NVDcacti/cacti0.8.7e+36

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-5882-82vc-8f56: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0↗2022-05-17

▶

OSV

CVE-2010-1644: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0↗2010-08-23

▶

📋Vendor Advisories

Red Hat

cacti: XSS issues in host.php and data_sources.php (VUPEN/ADV-2010-1203)↗2010-05-20

▶

Debian

CVE-2010-1644: cacti - Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as u...↗2010

▶

💬Community

Bugzilla

CVE-2010-1644 cacti: XSS issues in host.php and data_sources.php (VUPEN/ADV-2010-1203)↗2010-06-29

▶

Bugzilla

CVE-2010-1644 CVE-2010-1645 CVE-2010-2092 Cacti v0.8.7f - three security fixes↗2010-05-24

▶