CVE-2010-1644: XSS
First published: Tue Jun 29 2010(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cacti | =0.5 | |
| Cacti | =0.8.6k | |
| Cacti | =0.8.6d | |
| Cacti | =0.6.3 | |
| Cacti | =0.8.7 | |
| Cacti | =0.8.5a | |
| Cacti | =0.8.3 | |
| Cacti | =0.6.8 | |
| Cacti | =0.8.2 | |
| Cacti | =0.8.5 | |
| Cacti | =0.6.6 | |
| Cacti | =0.8.7d | |
| Cacti | =0.8.7b | |
| Cacti | =0.8.7a | |
| Cacti | =0.6.2 | |
| Cacti | =0.6.5 | |
| Cacti | =0.8.6f | |
| Cacti | =0.8.6g | |
| Cacti | =0.8.6j | |
| Cacti | =0.8.7c | |
| Cacti | =0.6.1 | |
| Cacti | =0.8 | |
| Cacti | =0.8.6a | |
| Cacti | =0.8.6i | |
| Cacti | =0.8.6 | |
| Cacti | =0.6.8a | |
| Cacti | =0.6.7 | |
| Cacti | =0.8.1 | |
| Cacti | =0.8.4 | |
| Cacti | =0.8.6c | |
| Cacti | =0.6.4 | |
| Cacti | =0.8.6b | |
| Cacti | =0.8.2a | |
| Cacti | =0.8.3a | |
| Cacti | =0.8.6h | |
| Cacti | <=0.8.7e | |
| Cacti | =0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/40332
- http://secunia.com/advisories/41041
- https://rhn.redhat.com/errata/RHSA-2010-0635.html
- http://www.vupen.com/english/advisories/2010/1203
- http://www.securityfocus.com/archive/1/511393
- http://svn.cacti.net/viewvc?view=rev&revision=5901
- http://www.cacti.net/release_notes_0_8_7f.php
- https://bugzilla.redhat.com/show_bug.cgi?id=609093
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://www.vupen.com/english/advisories/2010/2132
Frequently Asked Questions
What is the severity of CVE-2010-1644?
The CVE-2010-1644 vulnerability has been classified as a moderate severity issue due to the potential for cross-site scripting attacks.
How do I fix CVE-2010-1644?
To address CVE-2010-1644, upgrade to Cacti version 0.8.7f or later, which contains the necessary patches.
Which versions of Cacti are affected by CVE-2010-1644?
CVE-2010-1644 affects Cacti versions prior to 0.8.7f, including several earlier versions down to 0.5.
What types of attacks are possible with CVE-2010-1644?
CVE-2010-1644 allows attackers to perform cross-site scripting (XSS) attacks, potentially compromising user accounts or data.
Are there any workarounds for CVE-2010-1644?
A recommended workaround for CVE-2010-1644 is to sanitize user input for the hostname and description parameters to prevent XSS.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-1644
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cacti
- canonical/cacti
- version/cacti/0.5
- version/cacti/0.8.6k
- version/cacti/0.8.6d
- version/cacti/0.6.3
- version/cacti/0.8.7
- version/cacti/0.8.5a
- version/cacti/0.8.3
- version/cacti/0.6.8
- version/cacti/0.8.2
- version/cacti/0.8.5
- version/cacti/0.6.6
- version/cacti/0.8.7d
- version/cacti/0.8.7b
- version/cacti/0.8.7a
- version/cacti/0.6.2
- version/cacti/0.6.5
- version/cacti/0.8.6f
- version/cacti/0.8.6g
- version/cacti/0.8.6j
- version/cacti/0.8.7c
- version/cacti/0.6.1
- version/cacti/0.8
- version/cacti/0.8.6a
- version/cacti/0.8.6i
- version/cacti/0.8.6
- version/cacti/0.6.8a
- version/cacti/0.6.7
- version/cacti/0.8.1
- version/cacti/0.8.4
- version/cacti/0.8.6c
- version/cacti/0.6.4
- version/cacti/0.8.6b
- version/cacti/0.8.2a
- version/cacti/0.8.3a
- version/cacti/0.8.6h
- version/cacti/0.8.7e
- version/cacti/0.6