CVE-2010-2543
Published 2010-08-23
Priority P4 · 23 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS 3.87% · 88.9th percentile
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
Affected
43 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 0.8.7f | — |
CVSS provenance
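| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |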
Debian
CVE-2010-2543: cacti - Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cact...
vendor_debian · 2010 · CVSS 4.3
Scope: local
bookworm: resolved (fixed in 0.8.7g-1)
bullseye: resolved (fixed in 0.8.7g-1)
forky: resolved (fixed in 0.8.7g-1)
sid: resolved (fixed in 0.8.7g-1)
trixie: resolved (fixed in 0.8.7g-1)
Red Hat
cacti: Multiple cross-site scripting flaws
vendor_redhat · 2009-11-21 · CVSS 4.3
CVE-2010-2543 [MEDIUM] CWE-79 cacti: Multiple cross-site scripting flaws
GHSA
GHSA-h2p8-mfhp-r2rg: Cross-site scripting (XSS) vulnerability in include/top_graph_header
ghsa_unreviewed · 2022-05-17 · CVSS 4.3
CVE-2010-2543 [MEDIUM] CWE-79 GHSA-h2p8-mfhp-r2rg: Cross-site scripting (XSS) vulnerability in include/top_graph_header
OSV
CVE-2010-2543: Cross-site scripting (XSS) vulnerability in include/top_graph_header
osv · 2010-08-23 · CVSS 4.3
No detection rules found.
http://cacti.net/release_notes_0_8_7g.php
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://svn.cacti.net/viewvc?view=rev&revision=6025
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
https://bugzilla.redhat.com/show_bug.cgi?id=541279