Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-2544 — Cross-site Scripting in Cacti

CWE-79 — Cross-site Scripting8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

6.0%

top 9.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Cacti Debian Cacti

Timeline

PublishedAug 23

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/cacti< cacti 0.8.7g-1 (bookworm)

▶Debiancacti/cacti< 0.8.7g-1+3

▶NVDcacti/cacti0.8.7f+37

🔴Vulnerability Details

GHSA

GHSA-jc42-p4w4-wc6f: Cross-site scripting (XSS) vulnerability in utilities↗2022-05-17

▶

OSV

CVE-2010-2544: Cross-site scripting (XSS) vulnerability in utilities↗2010-08-23

▶

💥Exploits & PoCs

Exploit-DB

Cacti 0.8.7 (RedHat High Performance Computing [HPC]) - 'utilities.php?Filter' Cross-Site Scripting↗2010-08-19

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt↗2010-09-28

▶

📋Vendor Advisories

Red Hat

cacti: XSS in utilities.php log file viewer search pattern↗2010-07-09

▶

Debian

CVE-2010-2544: cacti - Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g...↗2010

▶

💬Community

Bugzilla

CVE-2010-2544 cacti: XSS in utilities.php log file viewer search pattern↗2008-08-14

▶