Vigil@nce - Cacti: three Cross Site Scripting
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
Three Cross Site Scripting of Cacti can be used by an attacker in
order to execute JavaScript code in the context of the web site.
Severity: 2/4
Creation date: 24/05/2010
DESCRIPTION OF THE VULNERABILITY
Three Cross Site Scripting were announced in Cacti.
The hostname parameter is not correctly filtered. [severity:2/4]
The host_id parameter is not correctly filtered. [severity:2/4]
The description parameter is not correctly filtered. [severity:2/4]
An attacker can therefore execute JavaScript code in the context
of the Cacti web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cacti-three-Cross-Site-Scripting-9660