CVE-2010-2544
Published 2010-08-23
Priority P4 23, medium; 4.3 CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.31% (89.9th percentile)
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
Affected
43 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cacti | cacti | <= 0.8.7f | — |
CVSS provenance
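| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | — | 4.3 | MEDIUM | — |
| vendor_debian | — | 4.3 | MEDIUM | — |
| vendor_redhat | — | 4.3 | MEDIUM | — |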
Red Hat
cacti: XSS in utilities.php log file viewer search pattern
vendor_redhat·2010-07-09·CVSS 4.3
CVE-2010-2544 [MEDIUM] CWE-79
Debian
CVE-2010-2544: cacti - Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g...
vendor_debian·2010·CVSS 4.3
CVE-2010-2544 [MEDIUM]
Scope: local
bookworm: resolved (fixed in 0.8.7g-1)
bullseye: resolved (fixed in 0.8.7g-1)
forky: resolved (fixed in 0.8.7g-1)
sid: resolved (fixed in 0.8.7g-1)
trixie: resolved (fixed in 0.8.7g-1)
GHSA
GHSA-jc42-p4w4-wc6f: Cross-site scripting (XSS) vulnerability in utilities
ghsa_unreviewed·2022-05-17
CVE-2010-2544 [MEDIUM] CWE-79
OSV
CVE-2010-2544: Cross-site scripting (XSS) vulnerability in utilities
osv·2010-08-23·CVSS 4.3
CVE-2010-2544 [MEDIUM]
Suricata
ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt
suricata·2010-09-28
CVE-2010-2544
Rule:
```
alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt"; flow:established,to_server; http.uri; content:"/cacti/utilities.php"; nocase; content:"tail_lines="; nocase; content:"message_type="; nocase; content:"filter="; nocase; pcre:"/filter\x3D.+(script|alert|onmouse[a-z]+|onkey[a-z]+|onload|onunload|ondragdrop|onblur|onfocus|onclick|ondblclick|onsubmit|onreset|onselect|onchange)/i"; reference:bid,42575; reference:cve,2010-2544; reference:cve,2010-2545; classtype:web-application-attack; sid:2011423; rev:4; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_09_28, cve CVE_2010_2544, deployment
```
References
- http://cacti.net/release_notes_0_8_7g.php
- http://marc.info/?l=oss-security&m=127978954522586&w=2
- http://marc.info/?l=oss-security&m=128017203704299&w=2
- http://secunia.com/advisories/41041
- http://svn.cacti.net/viewvc/cacti/branches/0.8.7/utilities.php?r1=6025&r2=6024&pathrev=6025
- http://svn.cacti.net/viewvc?view=rev&revision=6025
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://www.securityfocus.com/bid/42575
- http://www.vupen.com/english/advisories/2010/2132
- https://bugzilla.redhat.com/show_bug.cgi?id=459105
- https://exchange.xforce.ibmcloud.com/vulnerabilities/61226
- https://rhn.redhat.com/errata/RHSA-2010-0635.html