[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-5026Date: (C)2014-10-21   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 3.5
Exploit Score: 6.8
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
BID-68759
DSA-3007
GLSA-201509-03
http://www.openwall.com/lists/oss-security/2014/07/22/9
http://seclists.org/oss-sec/2014/q3/244
cacti-cve20145026-xss(94816)
http://bugs.cacti.net/view.php?id=2456
openSUSE-SU-2015:0479

CPE    3
cpe:/o:opensuse:opensuse:13.1
cpe:/a:cacti:cacti:0.8.8b
cpe:/o:debian:debian_linux:7.0
CWE    1
CWE-79
OVAL    2
oval:org.secpod.oval:def:1600382
oval:org.secpod.oval:def:601758

© SecPod Technologies