Vigil@nce - Cacti: several Cross Site Scripting
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Several Cross Site Scripting of Cacti can be used by an attacker
in order to execute JavaScript code in the context of the web site.
Severity: 2/4
Creation date: 12/07/2010
DESCRIPTION OF THE VULNERABILITY
The Cacti product uses a MySQL database and RRDtool (Round Robin
Database), to store information. Graphs are displayed on an
Apache+PHP web site.
Several PHP scripts do not filter their data before displaying
them: auth_login.php, cdef.php, data_input.php, data_queries.php,
data_sources.php, data_templates.php, gprint_presets.php,
graph.php, graphs_new.php, graphs.php, graph_templates_inputs.php,
graph_templates_items.php, graph_templates.php, graph_view.php,
host.php, host_templates.php, lib/functions.php,
lib/html_form.php, lib/html.php, lib/html_tree.php, lib/rrd.php,
rra.php, templates_import.php, tree.php, user_admin.php, and
utilities.php.
An attacker can therefore execute JavaScript code in the context
of the Cacti web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cacti-several-Cross-Site-Scripting-9751