CVE 2010-1644
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
Related bugs and status
CVE-2010-1644 (Candidate) is related to these bugs:
Bug #599892: [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu) | Medium | Invalid | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Hardy) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Jaunty) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Lucid) | Undecided | Fix Released | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Karmic) | Undecided | Won't Fix | ||
| 599892 | [Security] cacti - CVE-2009-4032, CVE-2010-1431, and CVE-2010-2092 | cacti (Ubuntu Maverick) | Medium | Invalid | ||
Bug #606663: [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 606663 | [SECURITY] various fixes in cacti 0.8.7f and 0.8.7g | cacti (Ubuntu) | Undecided | New | ||
Bug #906773: CVE-2011-4824 SQL injection issue in auth_login.php
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Debian) | Unknown | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Lucid) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Maverick) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Natty) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Precise) | Medium | Fix Released | ||
| 906773 | CVE-2011-4824 SQL injection issue in auth_login.php | cacti (Ubuntu Oneiric) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
