VuXML: cacti -- multiple security vulnerabilities

Affected packages

cacti

0.8.8c

Details

VuXML ID	a0e74731-181b-11e5-a1cf-002590263bf5
Discovery	2014-11-23
Entry	2015-06-21

VuXML ID

a0e74731-181b-11e5-a1cf-002590263bf5

Discovery

2014-11-23

Entry

2015-06-21

The Cacti Group, Inc. reports:

Important Security Fixes

CVE-2013-5588 - XSS issue via installer or device editing

CVE-2013-5589 - SQL injection vulnerability in device editing

CVE-2014-2326 - XSS issue via CDEF editing

CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability

CVE-2014-2328 - Remote Command Execution Vulnerability in graph export

CVE-2014-4002 - XSS issues in multiple files

CVE-2014-5025 - XSS issue via data source editing

CVE-2014-5026 - XSS issues in multiple files

[source]

References

CVE Name

CVE-2013-5588

CVE Name

CVE-2013-5589

CVE Name

CVE-2014-2326

CVE Name

CVE-2014-2327

CVE Name

CVE-2014-2328

CVE Name

CVE-2014-4002

CVE Name

CVE-2014-5025

CVE Name

CVE-2014-5026

FreeBSD PR

ports/198586

Message

http://sourceforge.net/p/cacti/mailman/message/33072838/

URL

http://www.cacti.net/release_notes_0_8_8c.php