ALAS-2014-381 ---- cactiID: oval:org.secpod.oval:def:1600200 | Date: (C)2016-01-19 (M)2022-10-10 |
Class: PATCH | Family: unix |
Multiple cross-site scripting vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the drp_action parameter to cdef.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, graph_templates.php, graphs.php, host.php, or host_templates.php or the graph_template_input_id or graph_template_id parameter to graph_templates_inputs.php.
Platform: |
Amazon Linux AMI |