oss-sec mailing list archives
CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b
From: Salvatore Bonaccorso <carnil () debian org>
Date: Sun, 25 Aug 2013 09:44:15 +0200
Hi

Three cross-site scripting vulnerabilities were reported in the Cacti
Bugtracker at [1]:

 - Reflected XSS in the "step" parameter of the "/install/index.php" script
 - Stored XSS in the id parameter in the "/cacti/host.php" script
 - "/cacti/host.php" script is vulnerable to Blind SQL Injection in the "id" parameter.

Upstream (Cc'ed) has committed r7420[2] and r7421[3] for 0.8.8 and 0.8.9
respectively to fix these issues.

 [1] http://bugs.cacti.net/view.php?id=2383
 [2] http://svn.cacti.net/viewvc?view=rev&revision=7420
 [3] http://svn.cacti.net/viewvc?view=rev&revision=7421

Can CVEs be assigned for these issues?

Regards,
Salvatore