Description
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Moritz Naumann · textwebappsphp
https://www.exploit-db.com/exploits/10234
References (7)
Core 7
Core References
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=541279
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=127978954522586&w=2
Vendor Advisory x_refsource_confirm
http://cacti.net/release_notes_0_8_7g.php
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=128017203704299&w=2
Various Sources x_refsource_confirm
http://svn.cacti.net/viewvc?view=rev&revision=6025
Various Sources x_refsource_confirm
http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
Scores
EPSS
0.1051
EPSS Percentile
93.3%
Details
CWE
CWE-79
Status
published
Products (38)
cacti/cacti
0.5
cacti/cacti
0.6
cacti/cacti
0.6.1
cacti/cacti
0.6.2
cacti/cacti
0.6.3
cacti/cacti
0.6.4
cacti/cacti
0.6.5
cacti/cacti
0.6.6
cacti/cacti
0.6.7
cacti/cacti
0.6.8
... and 28 more
Published
Aug 23, 2010
Tracked Since
Feb 18, 2026