Date: Sun, 25 Aug 2013 09:44:15 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Cc: Gandalf <gandalf@...ti.net>, Paul Gevers <elbrus@...ian.org> Subject: CVE Request: 3 XSS vulnerabilities in Cacti <= 0.8.8b Hi Three cross-site scripting vulnerabilities were reported in the Cacti Bugtracker at : - Reflected XSS in the "step" parameter of the "/install/index.php" script - Stored XSS in the id parameter in the "/cacti/host.php" script - "/cacti/host.php" script is vulnerable to Blind SQL Injection in the "id" parameter. Upstream (Cc'ed) has commited r7420 and r7421 for 0.8.8 and 0.8.9 respectively to fix these issues.  http://bugs.cacti.net/view.php?id=2383  http://svn.cacti.net/viewvc?view=rev&revision=7420  http://svn.cacti.net/viewvc?view=rev&revision=7421 Can CVE's be assigned for these issues? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.