CVE-2010-2543

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
cacticacti
𝑥
≤ 0.8.7f
cacticacti
0.5
cacticacti
0.6
cacticacti
0.6.1
cacticacti
0.6.2
cacticacti
0.6.3
cacticacti
0.6.4
cacticacti
0.6.5
cacticacti
0.6.6
cacticacti
0.6.7
cacticacti
0.6.8
cacticacti
0.6.8a:a
cacticacti
0.8
cacticacti
0.8.1
cacticacti
0.8.2
cacticacti
0.8.2a:a
cacticacti
0.8.3
cacticacti
0.8.3a:a
cacticacti
0.8.4
cacticacti
0.8.5
cacticacti
0.8.5a:a
cacticacti
0.8.6
cacticacti
0.8.6a:a
cacticacti
0.8.6b:b
cacticacti
0.8.6c:c
cacticacti
0.8.6d:d
cacticacti
0.8.6f:f
cacticacti
0.8.6g:g
cacticacti
0.8.6h:h
cacticacti
0.8.6i:i
cacticacti
0.8.6j:j
cacticacti
0.8.6k:k
cacticacti
0.8.7
cacticacti
0.8.7a:a
cacticacti
0.8.7b:b
cacticacti
0.8.7c:c
cacticacti
0.8.7d:d
cacticacti
0.8.7e:e
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
cacti
bullseye
1.2.16+ds1-2+deb11u3
fixed
bullseye (security)
1.2.16+ds1-2+deb11u4
fixed
bookworm
1.2.24+ds1-1+deb12u4
fixed
bookworm (security)
1.2.24+ds1-1+deb12u2
fixed
sid
1.2.28+ds1-2
fixed
trixie
1.2.28+ds1-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
cacti
oneiric
Fixed 0.8.7g-1
released
natty
Fixed 0.8.7g-1
released
maverick
Fixed 0.8.7g-1
released
lucid
Fixed 0.8.7e-2ubuntu0.1
released
karmic
ignored
jaunty
ignored
hardy
ignored
dapper
ignored
Common Weakness Enumeration
References
http://cacti.net/release_notes_0_8_7g.php
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://svn.cacti.net/viewvc?view=rev&revision=6025
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
https://bugzilla.redhat.com/show_bug.cgi?id=541279
http://cacti.net/release_notes_0_8_7g.php
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
http://svn.cacti.net/viewvc?view=rev&revision=6025
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
https://bugzilla.redhat.com/show_bug.cgi?id=541279