Vulnerability Description
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fedoraproject | Fedora | 19 |
| Opensuse | Opensuse | 13.1 |
| Cacti | Cacti | 0.8.7g |
| Debian | Debian Linux | 7.0 |
Related Weaknesses (CWE)
References
- http://bugs.cacti.net/view.php?id=2431Issue Tracking
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.htmlThird Party Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131842.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.htmlThird Party Advisory
- http://packetstormsecurity.com/files/125849/Deutsche-Telekom-CERT-Advisory-DTC-AExploitThird Party AdvisoryVDB Entry
- http://secunia.com/advisories/57647
- http://secunia.com/advisories/59203
- http://svn.cacti.net/viewvc?view=rev&revision=7443Issue TrackingPatch
- http://www.debian.org/security/2014/dsa-2970Third Party Advisory
- http://www.securityfocus.com/archive/1/531588Third Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/66390Third Party AdvisoryVDB Entry
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742768Issue TrackingThird Party Advisory
- https://security.gentoo.org/glsa/201509-03
- http://bugs.cacti.net/view.php?id=2431Issue Tracking
- http://lists.fedoraproject.org/pipermail/package-announce/2014-April/131821.htmlThird Party Advisory
FAQ
What is CVE-2014-2326?
CVE-2014-2326 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
How severe is CVE-2014-2326?
CVE-2014-2326 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2326?
Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Opensuse Opensuse, Cacti Cacti, Debian Debian Linux.