CVE-2009-4032
EPSS 6.8%
Description
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php.
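How to fix CVE-2009-4032
To fix CVE-2009-4032, upgrade the affected packages to the patched versions listed below.
- Debian/cacti: upgrade to 0.8.7e-1.1 or later
Is CVE-2009-4032 being exploited?
Moderate: EPSS is 6.8%; keep tracking it, but it is not a top priority.
Affected packages (1)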
- from 0, < 0.8.7e-1.1