CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

Published: Aug 29, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-5588
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
cacti / cacti	0.8.6k	0.8.6k.x
cacti / cacti	0.8.6d	0.8.6d.x
cacti / cacti	0.8.7	0.8.7.x
cacti / cacti	0.8.5a	0.8.5a.x
cacti / cacti	0.8.3	0.8.3.x
cacti / cacti	0.8.2	0.8.2.x
cacti / cacti	0.8.5	0.8.5.x
cacti / cacti	0.8.7d	0.8.7d.x
cacti / cacti	0.8.7b	0.8.7b.x
cacti / cacti	0.8.6e	0.8.6e.x
cacti / cacti	0.8.7a	0.8.7a.x
cacti / cacti	0.8.8	0.8.8.x
cacti / cacti	0.8.8a	0.8.8a.x
cacti / cacti	0.8.6f	0.8.6f.x
cacti / cacti	0.8.6g	0.8.6g.x
cacti / cacti	0.8.6j	0.8.6j.x
cacti / cacti	0.8.7h	0.8.7h.x
cacti / cacti	0.8.7c	0.8.7c.x
cacti / cacti	0.8	0.8.x
cacti / cacti	0.8.7f	0.8.7f.x
cacti / cacti	0.8.7e	0.8.7e.x
cacti / cacti	0.8.6a	0.8.6a.x
cacti / cacti	0.8.6i	0.8.6i.x
cacti / cacti	0.8.6	0.8.6.x
cacti / cacti	0.8.7i	0.8.7i.x
cacti / cacti	0.8.1	0.8.1.x
cacti / cacti	0.8.4	0.8.4.x
cacti / cacti	0.8.6c	0.8.6c.x
cacti / cacti	-	0.8.8b.x
cacti / cacti	0.8.6b	0.8.6b.x
cacti / cacti	0.8.7g	0.8.7g.x
cacti / cacti	0.8.2a	0.8.2a.x
cacti / cacti	0.8.3a	0.8.3a.x
cacti / cacti	0.8.6h	0.8.6h.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

Vulnerability Database

289,782

CVE-2013-5588