Re: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Three cross-site scripting vulnerabilities

We think you may mean "Three vulnerabilities" -- not all three are
XSS.

> - Reflected XSS in the "step" parameter of the "/install/index.php"
>   script
> - Stored XSS in the id parameter in the "/cacti/host.php" script

Use CVE-2013-5588 for both of these XSS issues.


> - "/cacti/host.php" script is vulnerable to Blind SQL Injection in
>   the "id" parameter.

Use CVE-2013-5589 for this SQL injection issue.


> input_validate_input_number(get_request_var_post("host_template_id"));

This code was added to host.php in both 0.8.8 and 0.8.9, but we think
that it might be impossible to exploit the host_template_id parameter
for either XSS or SQL injection. If there is a usable attack with the
host_template_id parameter, please request another CVE ID. Any
vulnerability for the host_template_id parameter is not within the
scope of either CVE-2013-5588 or CVE-2013-5589.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJSGgZrAAoJEGvefgSNfHMdfRkH/R0lG8hngh9Q91DcEs7JNgUj
mOuUN3iizdQYUrjkwFgrzv0ENWtHd+jm3fwbnQVQVyTSqoOaAT2d7/mheY74Halc
R+SaMIhr8B+fKJdt2hs2wZZyqIjK6/gI1x5sv0k8/Cei389U2nhoRYzgfYukuYQB
NPSD7u2ZZVJ00r64JQfeNQ8WtTkhD69kejd7L+qn/hl0ebsQd/SM+jGk3v3vZ6eQ
+dUMHyf0z8Jo12W6ppa5biG71hqEDgdNmQuU6QXAtV4m01snZhMmt/kbQ88wg6O7
Lz27dc8vb/B+48krsdA1VcX+JQGXmv4mMSyPzzIKehxYbwqzNK+Z4ETIBfIdZHU=
=1n5f
-----END PGP SIGNATURE-----