fkie_nvd - fkie_cve-2010-2543

fkie_cve-2010-2543

Vulnerability from fkie_nvd

Published

2010-08-23 22:00

Modified

2025-04-11 00:51

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

References

URL	Tags
secalert@redhat.com	http://cacti.net/release_notes_0_8_7g.php	Vendor Advisory
secalert@redhat.com	http://marc.info/?l=oss-security&m=127978954522586&w=2
secalert@redhat.com	http://marc.info/?l=oss-security&m=128017203704299&w=2
secalert@redhat.com	http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
secalert@redhat.com	http://svn.cacti.net/viewvc?view=rev&revision=6025
secalert@redhat.com	http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=541279
af854a3a-2127-422b-91ae-364da2661108	http://cacti.net/release_notes_0_8_7g.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=127978954522586&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=oss-security&m=128017203704299&w=2
af854a3a-2127-422b-91ae-364da2661108	http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025&r2=6024
af854a3a-2127-422b-91ae-364da2661108	http://svn.cacti.net/viewvc?view=rev&revision=6025
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:160
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=541279

Impacted products

Vendor	Product	Version
cacti	cacti	*
cacti	cacti	0.5
cacti	cacti	0.6
cacti	cacti	0.6.1
cacti	cacti	0.6.2
cacti	cacti	0.6.3
cacti	cacti	0.6.4
cacti	cacti	0.6.5
cacti	cacti	0.6.6
cacti	cacti	0.6.7
cacti	cacti	0.6.8
cacti	cacti	0.6.8a
cacti	cacti	0.8
cacti	cacti	0.8.1
cacti	cacti	0.8.2
cacti	cacti	0.8.2a
cacti	cacti	0.8.3
cacti	cacti	0.8.3a
cacti	cacti	0.8.4
cacti	cacti	0.8.5
cacti	cacti	0.8.5a
cacti	cacti	0.8.6
cacti	cacti	0.8.6a
cacti	cacti	0.8.6b
cacti	cacti	0.8.6c
cacti	cacti	0.8.6d
cacti	cacti	0.8.6f
cacti	cacti	0.8.6g
cacti	cacti	0.8.6h
cacti	cacti	0.8.6i
cacti	cacti	0.8.6j
cacti	cacti	0.8.6k
cacti	cacti	0.8.7
cacti	cacti	0.8.7a
cacti	cacti	0.8.7b
cacti	cacti	0.8.7c
cacti	cacti	0.8.7d
cacti	cacti	0.8.7e

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12610FA3-8EB9-45F2-9E70-8B3D70E47BC7",
              "versionEndIncluding": "0.8.7f",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.5:-:*:*:*:*:*:*",
              "matchCriteriaId": "015D2C09-205B-426B-9118-13CAC82BDF97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF50D0E4-94BC-433F-8986-4E2D9AF61A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE433B1-7F0B-4D16-8FD5-A5E193EC983A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD541744-A938-44A8-89A5-DE1B39DA1301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D7A1EE2-2C80-46B2-B55A-17D200D722BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "594CCB0C-4DEA-4ECC-93FE-FDAD231F22CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21352C22-E89D-482E-A704-1E1EFE0F4959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "51B3887B-078A-459D-AFCF-4BDBDB3B1EF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4611FB4-7B8D-4DCA-9BFC-87585E16129B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1740FA47-7129-47C0-9EA8-3D5FE1881AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.6.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "330C515B-6DD0-4C41-97C8-87689CD443F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44E0187-3577-4770-8D76-10F64F6400B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E6282B-B403-45AD-B1EC-82257EEA1A43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0936E4B2-D89C-44B3-9082-77FA369BA280",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1257552-9117-45EE-B77C-00879E1FC67B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA380DC2-2392-413E-AC7A-F8B854EA3108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "B530A944-0A71-4F88-AAE6-3844364FB098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C554AE-AE7A-48B1-A1FF-E8E7691EA344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25541421-4A87-43BF-86D7-E1377CE3C859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*",
              "matchCriteriaId": "301E2B13-D410-4B26-9A47-F90343F47C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "546CE4D8-1E2E-4DEB-9FA1-DEA05F9AAE9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C420D9-45EB-40EF-BB9D-BBB5BB7DA6D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5FE1D7F-5A32-4C66-8B7E-7F790F1D9AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE910AB1-7D04-4743-9963-BBA191EE4078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4290992-9EF9-41D4-8AB5-6744370A25E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB41A3C5-D03A-4B1F-B841-A9F5021A59F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F794F36-3073-43C5-A6C7-BADBCF6B735E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*",
              "matchCriteriaId": "76CB86A0-E3A9-4A43-B98B-46654EFE21A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D62D429-7BDE-47DE-B466-0732DAC3F70E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6893355E-2F64-416D-9AED-898E6D1123F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B41942D-A4A9-4916-99E6-DA36EB747BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191A8F3B-EDFA-47AA-B7B1-95B4C05AFD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A8C1715-DCA1-4C83-B817-9366172CFC1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*",
              "matchCriteriaId": "307B69DB-CFFB-49BA-A126-134EEE735FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*",
              "matchCriteriaId": "6532CB60-B8FA-418D-B077-FCC4EE24C1A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B53567F-C65B-4E1F-BBF7-4F55C845A83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3DC32A-09AF-4DC9-A78E-E951847B76A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en include/top_graph_header.php en Cacti antes de v0.8.7g permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro graph_start a graph.php. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incorrecta de la vulnerabilidad  CVE-2009-4032.2.b."
    }
  ],
  "id": "CVE-2010-2543",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-08-23T22:00:03.080",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cacti.net/release_notes_0_8_7g.php"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=127978954522586\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://marc.info/?l=oss-security\u0026m=128017203704299\u0026w=2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025\u0026r2=6024"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://svn.cacti.net/viewvc?view=rev\u0026revision=6025"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cacti.net/release_notes_0_8_7g.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=127978954522586\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=oss-security\u0026m=128017203704299\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.cacti.net/viewvc/cacti/branches/0.8.7/include/top_graph_header.php?r1=6025\u0026r2=6024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.cacti.net/viewvc?view=rev\u0026revision=6025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541279"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-2543 (GCVE-0-2010-2543)

Vulnerability from cvelistv5

Published

2010-08-23 20:00