CVE-2010-1644

Publication date 23 August 2010

Last updated 24 July 2024

Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cacti	11.10 oneiric	Fixed 0.8.7g-1
	11.04 natty	Fixed 0.8.7g-1
	10.10 maverick	Fixed 0.8.7g-1
	10.04 LTS lucid	Fixed 0.8.7e-2ubuntu0.1
	9.10 karmic	Ignored
	9.04 jaunty	Ignored
	8.04 LTS hardy	Ignored
	6.06 LTS dapper	Ignored

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cacti	Upstream: http://svn.cacti.net/viewvc?view=rev&revision=5901

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-1644