CVE-2010-2545

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cacti.net/release_notes_0_8_7g.php	Vendor Advisory
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://secunia.com/advisories/41041	Vendor Advisory
http://svn.cacti.net/viewvc?view=rev&revision=6037
http://svn.cacti.net/viewvc?view=rev&revision=6038
http://svn.cacti.net/viewvc?view=rev&revision=6041
http://svn.cacti.net/viewvc?view=rev&revision=6042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.securityfocus.com/bid/42575	Exploit
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=459229
https://exchange.xforce.ibmcloud.com/vulnerabilities/61227
https://rhn.redhat.com/errata/RHSA-2010-0635.html
http://cacti.net/release_notes_0_8_7g.php	Vendor Advisory
http://marc.info/?l=oss-security&m=127978954522586&w=2
http://marc.info/?l=oss-security&m=128017203704299&w=2
http://secunia.com/advisories/41041	Vendor Advisory
http://svn.cacti.net/viewvc?view=rev&revision=6037
http://svn.cacti.net/viewvc?view=rev&revision=6038
http://svn.cacti.net/viewvc?view=rev&revision=6041
http://svn.cacti.net/viewvc?view=rev&revision=6042
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
http://www.securityfocus.com/bid/42575	Exploit
http://www.vupen.com/english/advisories/2010/2132
https://bugzilla.redhat.com/show_bug.cgi?id=459229
https://exchange.xforce.ibmcloud.com/vulnerabilities/61227
https://rhn.redhat.com/errata/RHSA-2010-0635.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cacti:cacti::::::::
	cpe:2.3:a:cacti:cacti:0.5:-::::::
	cpe:2.3:a:cacti:cacti:0.6:::::::*
	cpe:2.3:a:cacti:cacti:0.6.1:::::::*
	cpe:2.3:a:cacti:cacti:0.6.2:::::::*
	cpe:2.3:a:cacti:cacti:0.6.3:::::::*
	cpe:2.3:a:cacti:cacti:0.6.4:::::::*
	cpe:2.3:a:cacti:cacti:0.6.5:::::::*
	cpe:2.3:a:cacti:cacti:0.6.6:::::::*
	cpe:2.3:a:cacti:cacti:0.6.7:::::::*
	cpe:2.3:a:cacti:cacti:0.6.8:::::::*
	cpe:2.3:a:cacti:cacti:0.6.8a:::::::*
	cpe:2.3:a:cacti:cacti:0.8:::::::*
	cpe:2.3:a:cacti:cacti:0.8.1:::::::*
	cpe:2.3:a:cacti:cacti:0.8.2:::::::*
	cpe:2.3:a:cacti:cacti:0.8.2a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.3:::::::*
	cpe:2.3:a:cacti:cacti:0.8.3a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.4:::::::*
	cpe:2.3:a:cacti:cacti:0.8.5:::::::*
	cpe:2.3:a:cacti:cacti:0.8.5a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6b:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6c:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6d:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6f:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6g:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6h:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6i:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6j:::::::*
	cpe:2.3:a:cacti:cacti:0.8.6k:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7a:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7b:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7c:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7d:::::::*
	cpe:2.3:a:cacti:cacti:0.8.7e:::::::*

History

21 Nov 2024, 01:16

Type	Values Removed	Values Added
References	~~() http://cacti.net/release_notes_0_8_7g.php - Vendor Advisory~~	() http://cacti.net/release_notes_0_8_7g.php - Vendor Advisory
References	~~() http://marc.info/?l=oss-security&m=127978954522586&w=2 -~~	() http://marc.info/?l=oss-security&m=127978954522586&w=2 -
References	~~() http://marc.info/?l=oss-security&m=128017203704299&w=2 -~~	() http://marc.info/?l=oss-security&m=128017203704299&w=2 -
References	~~() http://secunia.com/advisories/41041 - Vendor Advisory~~	() http://secunia.com/advisories/41041 - Vendor Advisory
References	~~() http://svn.cacti.net/viewvc?view=rev&revision=6037 -~~	() http://svn.cacti.net/viewvc?view=rev&revision=6037 -
References	~~() http://svn.cacti.net/viewvc?view=rev&revision=6038 -~~	() http://svn.cacti.net/viewvc?view=rev&revision=6038 -
References	~~() http://svn.cacti.net/viewvc?view=rev&revision=6041 -~~	() http://svn.cacti.net/viewvc?view=rev&revision=6041 -
References	~~() http://svn.cacti.net/viewvc?view=rev&revision=6042 -~~	() http://svn.cacti.net/viewvc?view=rev&revision=6042 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2010:160 -
References	~~() http://www.securityfocus.com/bid/42575 - Exploit~~	() http://www.securityfocus.com/bid/42575 - Exploit
References	~~() http://www.vupen.com/english/advisories/2010/2132 -~~	() http://www.vupen.com/english/advisories/2010/2132 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=459229 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=459229 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/61227 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/61227 -
References	~~() https://rhn.redhat.com/errata/RHSA-2010-0635.html -~~	() https://rhn.redhat.com/errata/RHSA-2010-0635.html -

Information

Published : 2010-08-23 22:00

Updated : 2025-04-11 00:51

NVD link : CVE-2010-2545

Mitre link : CVE-2010-2545

CVE.ORG link : CVE-2010-2545

JSON object : View

Products Affected

cacti

cacti

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2010-2545", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-08-23T22:00:03.220", "references": [{"url": "http://cacti.net/release_notes_0_8_7g.php", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2", "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/41041", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6037", "source": "secalert@redhat.com"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6038", "source": "secalert@redhat.com"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6041", "source": "secalert@redhat.com"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6042", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/42575", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/2132", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html", "source": "secalert@redhat.com"}, {"url": "http://cacti.net/release_notes_0_8_7g.php", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=oss-security&m=127978954522586&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=oss-security&m=128017203704299&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41041", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6037", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6038", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6041", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://svn.cacti.net/viewvc?view=rev&revision=6042", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/42575", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2132", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=459229", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/61227", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios crtuzados (XSS) en Cacti antes de v0.8.7g, tal como se utiliza en Red Hat High Performance Computing (HPC) Solution y otros productos, permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s del (1) elemento name en una plantilla XML para templates_import.php. Tambi\u00e9n permite a los administradores remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores relacionados con (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources. php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php , (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, y (25) user_admin.php."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12610FA3-8EB9-45F2-9E70-8B3D70E47BC7", "versionEndIncluding": "0.8.7f"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.5:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "015D2C09-205B-426B-9118-13CAC82BDF97"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF50D0E4-94BC-433F-8986-4E2D9AF61A98"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BE433B1-7F0B-4D16-8FD5-A5E193EC983A"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD541744-A938-44A8-89A5-DE1B39DA1301"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D7A1EE2-2C80-46B2-B55A-17D200D722BB"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "594CCB0C-4DEA-4ECC-93FE-FDAD231F22CD"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21352C22-E89D-482E-A704-1E1EFE0F4959"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51B3887B-078A-459D-AFCF-4BDBDB3B1EF7"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4611FB4-7B8D-4DCA-9BFC-87585E16129B"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1740FA47-7129-47C0-9EA8-3D5FE1881AAC"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.6.8a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "330C515B-6DD0-4C41-97C8-87689CD443F5"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B44E0187-3577-4770-8D76-10F64F6400B3"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3E6282B-B403-45AD-B1EC-82257EEA1A43"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0936E4B2-D89C-44B3-9082-77FA369BA280"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1257552-9117-45EE-B77C-00879E1FC67B"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA380DC2-2392-413E-AC7A-F8B854EA3108"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B530A944-0A71-4F88-AAE6-3844364FB098"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C554AE-AE7A-48B1-A1FF-E8E7691EA344"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25541421-4A87-43BF-86D7-E1377CE3C859"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "301E2B13-D410-4B26-9A47-F90343F47C18"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546CE4D8-1E2E-4DEB-9FA1-DEA05F9AAE9E"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45C420D9-45EB-40EF-BB9D-BBB5BB7DA6D7"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5FE1D7F-5A32-4C66-8B7E-7F790F1D9AAC"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE910AB1-7D04-4743-9963-BBA191EE4078"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4290992-9EF9-41D4-8AB5-6744370A25E5"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB41A3C5-D03A-4B1F-B841-A9F5021A59F0"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F794F36-3073-43C5-A6C7-BADBCF6B735E"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76CB86A0-E3A9-4A43-B98B-46654EFE21A7"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D62D429-7BDE-47DE-B466-0732DAC3F70E"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6893355E-2F64-416D-9AED-898E6D1123F8"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B41942D-A4A9-4916-99E6-DA36EB747BF6"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "191A8F3B-EDFA-47AA-B7B1-95B4C05AFD7A"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7A8C1715-DCA1-4C83-B817-9366172CFC1D"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "307B69DB-CFFB-49BA-A126-134EEE735FCC"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6532CB60-B8FA-418D-B077-FCC4EE24C1A9"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B53567F-C65B-4E1F-BBF7-4F55C845A83A"}, {"criteria": "cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB3DC32A-09AF-4DC9-A78E-E951847B76A8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

4.3 /10