| Summary: | <net-analyzer/cacti-0.8.7e-r1 Multiple XSS flaws (CVE-2009-{4032,4112}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Peter Volkov (RETIRED) <pva> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securityfocus.com/bid/37109 | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 293268 | | |

Description
Peter Volkov (RETIRED)
2009-11-25 11:13:22 UTC
ppc64 done

x86 stable

Stable on alpha.

amd64 stable

CVE-2009-4032 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4032):
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php.

CVE-2009-4112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4112):
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.

sparc stable

Stable for PPC.

All arches done.

Closing noglsa.