QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2009-4032

Back to search

CVE-2009-4032

Published: Nov 27, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

20091125 Cacti 0.8.7e: Multiple security issues
mailing-list
x_refsource_FULLDISC
FEDORA-2009-12575
vendor-advisory
x_refsource_FEDORA
38087
third-party-advisory
x_refsource_SECUNIA
JVN#09758120
third-party-advisory
x_refsource_JVN
cacti-name-xss(54388)
vdb-entry
x_refsource_XF
41041
third-party-advisory
x_refsource_SECUNIA
JVNDB-2009-003901
third-party-advisory
x_refsource_JVNDB
RHSA-2010:0635
vendor-advisory
x_refsource_REDHAT
37481
third-party-advisory
x_refsource_SECUNIA
37109
vdb-entry
x_refsource_BID
ADV-2009-3325
vdb-entry
x_refsource_VUPEN
ADV-2010-2132
vdb-entry
x_refsource_VUPEN
37934
third-party-advisory
x_refsource_SECUNIA
60483
vdb-entry
x_refsource_OSVDB
FEDORA-2009-12560
vendor-advisory
x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now