CVE-2013-5588

Cacti <0.8.8b - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

References (5)

[Exploit, Patch] http://bugs.cacti.net/view.php?id=2383

[Mailing List] http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/62001

[Third Party Advisory] http://www.debian.org/security/2013/dsa-2747

[Third Party Advisory] http://secunia.com/advisories/54652

Scores

EPSS 0.0033

EPSS Percentile 55.6%

Details

CWE

CWE-79

Status published

Products (37)

cacti/cacti < 0.8.8b

cacti/cacti

... and 27 more

Published Aug 29, 2013

Tracked Since Feb 18, 2026