CVE-2009-4032

Name of the Vulnerable Software and Affected Versions Cacti version 0.8.7e

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected areas include graph.php, include/top graph header.php, lib/html form.php, and lib/timespan settings.php. Specifically, the vulnerabilities can be exploited through the graph end or graph start parameters to graph.php, the date1 parameter in a tree action to graph view.php, and the page refresh and default dual pane width parameters to graph settings.php.

Recommendations For Cacti version 0.8.7e, consider disabling access to the affected PHP files until a patch is available. Restrict access to the graph.php, graph view.php, and graph settings.php endpoints to minimize the risk of exploitation. Avoid using the graph end, graph start, date1, page refresh, and default dual pane width parameters in the affected API endpoints until the issue is resolved.