CVE-2013-5588

Name of the Vulnerable Software and Affected Versions Cacti versions 0.8.8b and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. For example, the step parameter to "install/index.php" or the id parameter to "cacti/host.php" are vulnerable.

Recommendations For Cacti versions 0.8.8b and earlier, as a temporary workaround, consider restricting access to the "install/index.php" and "cacti/host.php" endpoints until a patch is available. Avoid using the step parameter in the "install/index.php" endpoint and the id parameter in the "cacti/host.php" endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.