CVE-2008-0783

Name of the Vulnerable Software and Affected Versions Cacti versions 0.8.6 through 0.8.6j Cacti versions 0.8.7 through 0.8.7a

Description The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved through several parameters, including the view type parameter to "graph.php", the filter parameter to "graph view.php", the action parameter to the draw navigation text function in "lib/functions.php", and the login username parameter to "index.php".

Recommendations For Cacti versions 0.8.6 through 0.8.6j, update to version 0.8.6k or later. For Cacti versions 0.8.7 through 0.8.7a, update to version 0.8.7b or later. As a temporary workaround, consider restricting access to the affected parameters, such as view type, filter, action, and login username, until a patch is applied.