CVE-2010-2543

Publication date 23 August 2010

Last updated 4 August 2025

Ubuntu priority

Description

Cross-site scripting (XSS) vulnerability in include/top_graph_header.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graph_start parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
cacti	11.10 oneiric	Fixed 0.8.7g-1
	11.04 natty	Fixed 0.8.7g-1
	10.10 maverick	Fixed 0.8.7g-1
	10.04 LTS lucid	Fixed 0.8.7e-2ubuntu0.1
	9.10 karmic	Ignored end of life
	9.04 jaunty	Ignored end of life
	8.04 LTS hardy	Ignored end of life
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
cacti	Upstream: http://svn.cacti.net/viewvc?view=rev&revision=6025 Upstream: http://svn.cacti.net/viewvc?view=rev&revision=6037 Upstream: http://svn.cacti.net/viewvc?view=rev&revision=6038 Upstream: http://svn.cacti.net/viewvc?view=rev&revision=6041 Upstream: http://svn.cacti.net/viewvc?view=rev&revision=6042

References

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2543