CVE-2009-4032
PUBLISHED
Reported by redhat · Published November 27, 2009
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Exploit Intelligence
- Cacti 0.8.7e: Multiple Security Issues (0day-today)
Timeline
- Nov 26, 2009 PoC Published
- Nov 27, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Dec 26, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
References
- x_refsource_CONFIRM
- 20091126 Cacti 0.8.7e: Multiple security issues (mailing-list, x_refsource_BUGTRAQ)
- 20091125 Cacti 0.8.7e: Multiple security issues (mailing-list, x_refsource_FULLDISC)
- FEDORA-2009-12575 (vendor-advisory, x_refsource_FEDORA)
- 38087 (third-party-advisory, x_refsource_SECUNIA)
- JVN#09758120 (third-party-advisory, x_refsource_JVN)
- cacti-name-xss(54388) (vdb-entry, x_refsource_XF)
- 41041 (third-party-advisory, x_refsource_SECUNIA)
- JVNDB-2009-003901 (third-party-advisory, x_refsource_JVNDB)
- x_refsource_CONFIRM
- RHSA-2010:0635 (vendor-advisory, x_refsource_REDHAT)
- [oss-security] 20091125 CVE Request - Cacti - 0.8.7e (mailing-list, x_refsource_MLIST)
- [oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e (mailing-list, x_refsource_MLIST)
- 37481 (third-party-advisory, x_refsource_SECUNIA)
- [oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e (mailing-list, x_refsource_MLIST)
- [oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e (mailing-list, x_refsource_MLIST)
- 37109 (vdb-entry, x_refsource_BID)
- ADV-2009-3325 (vdb-entry, x_refsource_VUPEN)
- ADV-2010-2132 (vdb-entry, x_refsource_VUPEN)
- 37934 (third-party-advisory, x_refsource_SECUNIA)
…and 4 more