Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 25 Aug 2013 09:44:15 +0200

Hi

Three cross-site scripting vulnerabilities were reported in the Cacti
Bugtracker at [1]:

 - Reflected XSS in the "step" parameter of the "/install/index.php"
   script
 - Stored XSS in the id parameter in the "/cacti/host.php" script
 - "/cacti/host.php" script is vulnerable to Blind SQL Injection in
   the "id" parameter.

Upstream (Cc'ed) has commited r7420[2] and r7421[3]
for 0.8.8 and 0.8.9 respectively to fix these issues.

 [1] http://bugs.cacti.net/view.php?id=2383
 [2] http://svn.cacti.net/viewvc?view=rev&revision=7420
 [3] http://svn.cacti.net/viewvc?view=rev&revision=7421

Can CVE's be assigned for these issues?

Regards,
Salvatore


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]