Unknown
CVE-2010-2545
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
Description
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- cacti
Products
- cacti,
- cacti 0.5,
- cacti 0.6,
- cacti 0.6.1,
- cacti 0.6.2,
- cacti 0.6.3,
- cacti 0.6.4,
- cacti 0.6.5,
- cacti 0.6.6,
- cacti 0.6.7,
- cacti 0.6.8,
- cacti 0.6.8a,
- cacti 0.8,
- cacti 0.8.1,
- cacti 0.8.2,
- cacti 0.8.2a,
- cacti 0.8.3,
- cacti 0.8.3a,
- cacti 0.8.4,
- cacti 0.8.5,
- cacti 0.8.5a,
- cacti 0.8.6,
- cacti 0.8.6a,
- cacti 0.8.6b,
- cacti 0.8.6c,
- cacti 0.8.6d,
- cacti 0.8.6f,
- cacti 0.8.6g,
- cacti 0.8.6h,
- cacti 0.8.6i,
- cacti 0.8.6j,
- cacti 0.8.6k,
- cacti 0.8.7,
- cacti 0.8.7a,
- cacti 0.8.7b,
- cacti 0.8.7c,
- cacti 0.8.7d,
- cacti 0.8.7e
References
Advisory
