Launchpad CVE tracker

CVE 2009-4032

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.

Related bugs and status

CVE-2009-4032 (Candidate) is related to these bugs:

Bug #599892: [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092

		In	Importance	Status
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu)	Medium	Invalid
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu Hardy)	Undecided	Won't Fix
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu Jaunty)	Undecided	Won't Fix
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu Lucid)	Undecided	Fix Released
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu Karmic)	Undecided	Won't Fix
599892	[Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092	cacti (Ubuntu Maverick)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-4032

References