CVE-2010-1644

NameCVE-2010-1644
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2384-1
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cacti (PTS)wheezy0.8.8a+dfsg-5+deb7u8fixed
wheezy (security)0.8.8a+dfsg-5+deb7u10fixed
jessie0.8.8b+dfsg-8+deb8u6fixed
jessie (security)0.8.8b+dfsg-8+deb8u4fixed
stretch0.8.8h+ds1-10fixed
buster, sid1.1.28+ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cactisource(unstable)0.8.7g-1medium
cactisourcelenny0.8.7b-2.1+lenny4mediumDSA-2384-1
cactisourcesqueeze0.8.7g-1+squeeze1mediumDSA-2384-1

Search for package or bug name: Reporting problems