Test ID:	1.3.6.1.4.1.25623.1.0.100361
Category:	Web application abuses
Title:	Cacti Multiple HTML Injection Vulnerabilities
Summary:	Cacti is prone to multiple HTML-injection vulnerabilities because it fails to; properly sanitize user-supplied input before using it in dynamically generated content.
Description:	Summary: Cacti is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Vulnerability Impact: Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Affected Software/OS: Cacti 0.8.7e is vulnerable. Other versions may be affected as well. Solution: A patch is available. Please see the references for details. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4032 20091125 Cacti 0.8.7e: Multiple security issues http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html 20091126 Cacti 0.8.7e: Multiple security issues http://www.securityfocus.com/archive/1/508129/100/0/threaded 37109 http://www.securityfocus.com/bid/37109 37481 http://secunia.com/advisories/37481 37934 http://secunia.com/advisories/37934 38087 http://secunia.com/advisories/38087 41041 http://secunia.com/advisories/41041 60483 http://www.osvdb.org/60483 ADV-2009-3325 http://www.vupen.com/english/advisories/2009/3325 ADV-2010-2132 http://www.vupen.com/english/advisories/2010/2132 FEDORA-2009-12560 https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html FEDORA-2009-12575 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html JVN#09758120 http://jvn.jp/en/jp/JVN09758120/index.html JVNDB-2009-003901 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html [oss-security] 20091125 CVE Request - Cacti - 0.8.7e http://www.openwall.com/lists/oss-security/2009/11/25/2 [oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e http://www.openwall.com/lists/oss-security/2009/11/25/4 [oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e http://www.openwall.com/lists/oss-security/2009/11/26/1 [oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e http://www.openwall.com/lists/oss-security/2009/11/30/2 cacti-name-xss(54388) https://exchange.xforce.ibmcloud.com/vulnerabilities/54388 http://bugs.gentoo.org/show_bug.cgi?id=294573 http://docs.cacti.net/#cross-site_scripting_fixes http://www.cacti.net/download_patches.php http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch
Copyright	Copyright (C) 2009 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.