CVE-2010-2545Cross-site Scripting in Cacti

CWE-79Cross-site Scripting7 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
1.8%
top 17.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CactiDebian Cacti
Timeline
PublishedAug 23
Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/cacti< cacti 0.8.7g-1 (bookworm)
Debiancacti/cacti< 0.8.7g-1+3
NVDcacti/cacti0.8.7f+37

🔴Vulnerability Details

2
GHSA
GHSA-h4qm-pq35-233f: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 02022-05-17
OSV
CVE-2010-2545: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 02010-08-23

🔍Detection Rules

1
Suricata
ET WEB_SPECIFIC_APPS Cacti cacti/utilities.php Cross Site Scripting Attempt2010-09-28

📋Vendor Advisories

2
Red Hat
cacti: XSS via various object names or descriptions2010-07-09
Debian
CVE-2010-2545: cacti - Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as u...2010

💬Community

1
Bugzilla
CVE-2010-2545 cacti: XSS via various object names or descriptions2008-08-15