Cacti · Cacti · CVE-2014-5026
**Name of the Vulnerable Software and Affected Versions**
Cacti version 0.8.8b
**Description**
The issue is cross-site scripting (XSS): it allows remote authenticated users with console access to inject arbitrary web script or HTML. The injection can be delivered through any of the following: a Graph Tree Title in a delete or edit action; a CDEF Name, Data Input Method Name, or Host Templates Name in a delete action; or a Data Source Title, Graph Title, or Graph Template Name in a delete or duplicate action.
**Recommendations**
For Cacti version 0.8.8b, update to a version that includes a fix for this issue to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the console for remote authenticated users until a patch is available. Avoid using the `Graph Tree Title`, `CDEF Name`, `Data Input Method Name`, `Host Templates Name`, `Data Source Title`, `Graph Title`, and `Graph Template Name` fields in delete, edit, or duplicate actions until the issue is resolved.
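The following is an added illustration, not Cacti's own code (Cacti is written in PHP): it models a confirmation page that echoes an object name, with and without HTML output encoding, and audits stored names for the field and action pairs listed in the description. The function names, the confirmation wording, and the sample records are assumptions constructed for this example.

```python
import html
import re

# Field -> actions whose confirmation page echoes the name, per the advisory text.
AFFECTED = {
    "Graph Tree Title": {"delete", "edit"},
    "CDEF Name": {"delete"},
    "Data Input Method Name": {"delete"},
    "Host Templates Name": {"delete"},
    "Data Source Title": {"delete", "duplicate"},
    "Graph Title": {"delete", "duplicate"},
    "Graph Template Name": {"delete", "duplicate"},
}

# Characters that change meaning in HTML text or attribute context.
# Deliberately broad: a legitimate name containing a quote is also reported.
MARKUP = re.compile(r"[<>\"']")


def render_confirmation(action, field, name, escape=True):
    """Build the confirmation fragment; escape=False models the flawed behaviour."""
    shown = html.escape(name, quote=True) if escape else name
    return f"<p>Are you sure you want to {action} the {field} <b>{shown}</b>?</p>"


def audit(records):
    """Return (field, name, actions) for stored names that contain markup
    characters and belong to a field the advisory lists."""
    findings = []
    for field, name in records:
        if field in AFFECTED and MARKUP.search(name):
            findings.append((field, name, sorted(AFFECTED[field])))
    return findings


# Constructed sample data, not taken from a real Cacti installation.
SAMPLE = [
    ("Graph Title", "Traffic - eth0"),
    ("CDEF Name", "<script>alert(1)</script>"),
    ("Graph Tree Title", "Core <b>routers</b>"),
    ("Host Name", "<i>not listed in the advisory</i>"),
]

if __name__ == "__main__":
    for field, name, actions in audit(SAMPLE):
        print(field, actions, render_confirmation(actions[0], field, name))
```

Names flagged by `audit` are worth reviewing before anyone opens the listed delete, edit, or duplicate pages on an unpatched install.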