CVE-2008-0783

Publication date 14 February 2008

Last updated 24 July 2024

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cacti	7.10 gutsy	Fixed 0.8.6j-1.1ubuntu0.2
	7.04 feisty	Fixed 0.8.6i-3ubuntu0.2
	6.10 edgy	Fixed 0.8.6h-3ubuntu0.3
	6.06 LTS dapper	Fixed 0.8.6h-1ubuntu3.2

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-0783