[Secure-testing-team] Bug#561338: CVE-2009-4032: multiple XSS issues

Steffen Joeris steffen.joeris at skolelinux.de
Wed Dec 16 11:32:09 UTC 2009


Package: cacti
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for cacti.

CVE-2009-4032[0]:
| Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e
| allow remote attackers to inject arbitrary web script or HTML via
| vectors related to (1) graph.php, (2) include/top_graph_header.php,
| (3) lib/html_form.php, and (4) lib/timespan_settings.php, as
| demonstrated by the (a) graph_end or (b) graph_start parameters to
| graph.php; (c) the date1 parameter in a tree action to graph_view.php;
| and the (d) page_refresh and (e) default_dual_pane_width parameters to
| graph_settings.php.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

Uploaded NMU patch attached.

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4032
    http://security-tracker.debian.org/tracker/CVE-2009-4032
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nmu.patch
Type: text/x-diff
Size: 6208 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20091216/91dd4ba6/attachment.patch>

