CVE-2014-4002 Information

Feb 14, 2021 cve

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php (2) data_input.php (3) data_queries.php (4) data_sources.php (5) data_templates.php (6) graph_templates.php (7) graphs.php (8) host.php or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php.

Reference

http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://secunia.com/advisories/59517 http://svn.cacti.net/viewvc?view=rev&revision=7451 http://svn.cacti.net/viewvc?view=rev&revision=7452 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/bid/68257 https://security.gentoo.org/glsa/201509-03

Share on: