CVE-2010-1644

EUVD-2010-1665
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
cacticacti
𝑥
≤ 0.8.7e
cacticacti
0.5
cacticacti
0.6
cacticacti
0.6.1
cacticacti
0.6.2
cacticacti
0.6.3
cacticacti
0.6.4
cacticacti
0.6.5
cacticacti
0.6.6
cacticacti
0.6.7
cacticacti
0.6.8
cacticacti
0.6.8a:a
cacticacti
0.8
cacticacti
0.8.1
cacticacti
0.8.2
cacticacti
0.8.2a:a
cacticacti
0.8.3
cacticacti
0.8.3a:a
cacticacti
0.8.4
cacticacti
0.8.5
cacticacti
0.8.5a:a
cacticacti
0.8.6
cacticacti
0.8.6a:a
cacticacti
0.8.6b:b
cacticacti
0.8.6c:c
cacticacti
0.8.6d:d
cacticacti
0.8.6f:f
cacticacti
0.8.6g:g
cacticacti
0.8.6h:h
cacticacti
0.8.6i:i
cacticacti
0.8.6j:j
cacticacti
0.8.6k:k
cacticacti
0.8.7
cacticacti
0.8.7a:a
cacticacti
0.8.7b:b
cacticacti
0.8.7c:c
cacticacti
0.8.7d:d
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cacti
bookworm
1.2.24+ds1-1+deb12u4
fixed
bookworm (security)
1.2.24+ds1-1+deb12u2
fixed
bullseye
1.2.16+ds1-2+deb11u3
fixed
bullseye (security)
1.2.16+ds1-2+deb11u4
fixed
sid
1.2.28+ds1-2
fixed
trixie
1.2.28+ds1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cacti
dapper
ignored
hardy
ignored
jaunty
ignored
karmic
ignored
lucid
Fixed 0.8.7e-2ubuntu0.1
released
maverick
Fixed 0.8.7g-1
released
natty
Fixed 0.8.7g-1
released
oneiric
Fixed 0.8.7g-1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/41041
http://svn.cacti.net/viewvc?view=rev&revision=5901
http://www.cacti.net/release_notes_0_8_7f.php
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.securityfocus.com/archive/1/511393
http://www.securityfocus.com/bid/40332
http://www.vupen.com/english/advisories/2010/1203
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=609093
https://rhn.redhat.com/errata/RHSA-2010-0635.html
http://secunia.com/advisories/41041
http://svn.cacti.net/viewvc?view=rev&revision=5901
http://www.cacti.net/release_notes_0_8_7f.php
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.securityfocus.com/archive/1/511393
http://www.securityfocus.com/bid/40332
http://www.vupen.com/english/advisories/2010/1203
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=609093
https://rhn.redhat.com/errata/RHSA-2010-0635.html