Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cacti | Cacti | <= 0.8.7e |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/41041Vendor Advisory
- http://svn.cacti.net/viewvc?view=rev&revision=5901
- http://www.cacti.net/release_notes_0_8_7f.php
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://www.securityfocus.com/archive/1/511393
- http://www.securityfocus.com/bid/40332
- http://www.vupen.com/english/advisories/2010/1203PatchVendor Advisory
- http://www.vupen.com/english/advisories/2010/2132
- https://bugzilla.redhat.com/show_bug.cgi?id=609093
- https://rhn.redhat.com/errata/RHSA-2010-0635.html
- http://secunia.com/advisories/41041Vendor Advisory
- http://svn.cacti.net/viewvc?view=rev&revision=5901
- http://www.cacti.net/release_notes_0_8_7f.php
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
- http://www.securityfocus.com/archive/1/511393
FAQ
What is CVE-2010-1644?
CVE-2010-1644 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary ...
How severe is CVE-2010-1644?
CVE-2010-1644 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1644?
Check the references section above for vendor advisories and patch information. Affected products include: Cacti Cacti.