Secunia
Login
|
|
CVE Reference: CVE-2010-2545 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2010-2545 |
|
|
Description: Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/61227 SAID Secunia Advisory: SA41041 REDHAT MLIST http://marc.info/?l=oss-security&m=128017203704299&w=2 http://marc.info/?l=oss-security&m=127978954522586&w=2 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 CONFIRM http://svn.cacti.net/viewvc?view=rev&revision=6042 http://svn.cacti.net/viewvc?view=rev&revision=6041 http://svn.cacti.net/viewvc?view=rev&revision=6038 http://svn.cacti.net/viewvc?view=rev&revision=6037 http://cacti.net/release_notes_0_8_7g.php BID 42575 |
|
| Return to the previous page. |
