Multiple vulnerabilities has been discovered and corrected in cacti: Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via the step parameter to install/index.php or the id parameter to cacti/host.php . SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter . The updated packages have been patched to correct these issues.