CVE-2010-2543: XSS
First published: Sat Nov 21 2009(Updated: )
Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/cacti | 1.2.16+ds1-2+deb11u3 1.2.24+ds1-1+deb12u2 1.2.27+ds1-2 | |
| Cacti | <=0.8.7f | |
| Cacti | =0.5 | |
| Cacti | =0.6 | |
| Cacti | =0.6.1 | |
| Cacti | =0.6.2 | |
| Cacti | =0.6.3 | |
| Cacti | =0.6.4 | |
| Cacti | =0.6.5 | |
| Cacti | =0.6.6 | |
| Cacti | =0.6.7 | |
| Cacti | =0.6.8 | |
| Cacti | =0.6.8a | |
| Cacti | =0.8 | |
| Cacti | =0.8.1 | |
| Cacti | =0.8.2 | |
| Cacti | =0.8.2a | |
| Cacti | =0.8.3 | |
| Cacti | =0.8.3a | |
| Cacti | =0.8.4 | |
| Cacti | =0.8.5 | |
| Cacti | =0.8.5a | |
| Cacti | =0.8.6 | |
| Cacti | =0.8.6a | |
| Cacti | =0.8.6b | |
| Cacti | =0.8.6c | |
| Cacti | =0.8.6d | |
| Cacti | =0.8.6f | |
| Cacti | =0.8.6g | |
| Cacti | =0.8.6h | |
| Cacti | =0.8.6i | |
| Cacti | =0.8.6j | |
| Cacti | =0.8.6k | |
| Cacti | =0.8.7 | |
| Cacti | =0.8.7a | |
| Cacti | =0.8.7b | |
| Cacti | =0.8.7c | |
| Cacti | =0.8.7d | |
| Cacti | =0.8.7e |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://marc.info/?l=oss-security&m=127978954522586&w=2
- http://marc.info/?l=oss-security&m=128017203704299&w=2
- https://bugzilla.redhat.com/show_bug.cgi?id=541279
- http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
- http://cacti.net/release_notes_0_8_7g.php
- http://svn.cacti.net/viewvc?view=rev&revision=6025
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- https://www.cve.org/CVERecord?id=CVE-2010-2543 https://nvd.nist.gov/vuln/detail/CVE-2010-2543
- https://access.redhat.com/security/cve/CVE-2010-2543
- https://security-tracker.debian.org/tracker/CVE-2010-2543
Frequently Asked Questions
What is the severity of CVE-2010-2543?
CVE-2010-2543 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2010-2543?
To fix CVE-2010-2543, upgrade to Cacti version 0.8.7g or later.
What impact does CVE-2010-2543 have on users?
CVE-2010-2543 allows remote attackers to inject arbitrary scripts or HTML into pages viewed by users, leading to potential data theft or session hijacking.
Which versions of Cacti are affected by CVE-2010-2543?
CVE-2010-2543 affects all Cacti versions prior to 0.8.7g.
Is CVE-2010-2543 exploit-related information available?
Details regarding the exploitation techniques for CVE-2010-2543 are not publicly documented, focusing instead on mitigation and remediation.
- collector/redhat-cve
- agent/author
- agent/first-publish-date
- agent/type
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-api
- package-manager/debian
- vendor/cacti
- canonical/cacti
- version/cacti/0.8.7f
- version/cacti/0.5
- version/cacti/0.6
- version/cacti/0.6.1
- version/cacti/0.6.2
- version/cacti/0.6.3
- version/cacti/0.6.4
- version/cacti/0.6.5
- version/cacti/0.6.6
- version/cacti/0.6.7
- version/cacti/0.6.8
- version/cacti/0.6.8a
- version/cacti/0.8
- version/cacti/0.8.1
- version/cacti/0.8.2
- version/cacti/0.8.2a
- version/cacti/0.8.3
- version/cacti/0.8.3a
- version/cacti/0.8.4
- version/cacti/0.8.5
- version/cacti/0.8.5a
- version/cacti/0.8.6
- version/cacti/0.8.6a
- version/cacti/0.8.6b
- version/cacti/0.8.6c
- version/cacti/0.8.6d
- version/cacti/0.8.6f
- version/cacti/0.8.6g
- version/cacti/0.8.6h
- version/cacti/0.8.6i
- version/cacti/0.8.6j
- version/cacti/0.8.6k
- version/cacti/0.8.7
- version/cacti/0.8.7a
- version/cacti/0.8.7b
- version/cacti/0.8.7c
- version/cacti/0.8.7d
- version/cacti/0.8.7e