CVE-2010-2545 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g as used in Red Hat High Performance Computing (HPC) Solution and other products allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php (3) data_input.php (4) data_queries.php (5) data_sources.php (6) data_templates.php (7) gprint_presets.php (8) graph.php (9) graphs_new.php (10) graphs.php (11) graph_templates_inputs.php (12) graph_templates_items.php (13) graph_templates.php (14) graph_view.php (15) host.php (16) host_templates.php (17) lib/functions.php (18) lib/html_form.php (19) lib/html_form_template.php (20) lib/html.php (21) lib/html_tree.php (22) lib/rrd.php (23) rra.php (24) tree.php and (25) user_admin.php.

Reference

http://cacti.net/release_notes_0_8_7g.php http://marc.info/?l=oss-security&m=127978954522586&w=2 http://marc.info/?l=oss-security&m=128017203704299&w=2 http://secunia.com/advisories/41041 http://svn.cacti.net/viewvc?view=rev&revision=6037 http://svn.cacti.net/viewvc?view=rev&revision=6038 http://svn.cacti.net/viewvc?view=rev&revision=6041 http://svn.cacti.net/viewvc?view=rev&revision=6042 http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 http://www.securityfocus.com/bid/42575 http://www.vupen.com/english/advisories/2010/2132 https://bugzilla.redhat.com/show_bug.cgi?id=459229 https://exchange.xforce.ibmcloud.com/vulnerabilities/61227 https://rhn.redhat.com/errata/RHSA-2010-0635.html