CVE-2010-1644

Publication date 23 August 2010

Last updated 24 July 2024


Ubuntu priority

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.

Status

Package Ubuntu Release Status
cacti 11.10 oneiric
Fixed 0.8.7g-1
11.04 natty
Fixed 0.8.7g-1
10.10 maverick
Fixed 0.8.7g-1
10.04 LTS lucid
Fixed 0.8.7e-2ubuntu0.1
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
cacti