VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 23, 2010· Updated Apr 29, 2026

CVE-2010-2545

CVE-2010-2545

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via (1) the name element in an XML template to templates_import.php; and allow remote authenticated administrators to inject arbitrary web script or HTML via vectors related to (2) cdef.php, (3) data_input.php, (4) data_queries.php, (5) data_sources.php, (6) data_templates.php, (7) gprint_presets.php, (8) graph.php, (9) graphs_new.php, (10) graphs.php, (11) graph_templates_inputs.php, (12) graph_templates_items.php, (13) graph_templates.php, (14) graph_view.php, (15) host.php, (16) host_templates.php, (17) lib/functions.php, (18) lib/html_form.php, (19) lib/html_form_template.php, (20) lib/html.php, (21) lib/html_tree.php, (22) lib/rrd.php, (23) rra.php, (24) tree.php, and (25) user_admin.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple persistent XSS vulnerabilities in Cacti before 0.8.7g allow arbitrary web script injection via various administrative interfaces and imported XML templates.

Vulnerability

Cacti versions before 0.8.7g contain multiple cross-site scripting (XSS) flaws. An unauthenticated attacker can inject arbitrary web script or HTML via the name element in an XML template imported through templates_import.php [1][3]. Additionally, authenticated administrators can inject script via various object names or descriptions across numerous pages, including cdef.php, data_input.php, data_queries.php, data_sources.php, data_templates.php, gprint_presets.php, graph.php, graphs_new.php, graphs.php, graph_templates_inputs.php, graph_templates_items.php, graph_templates.php, graph_view.php, host.php, host_templates.php, lib/functions.php, lib/html_form.php, lib/html_form_template.php, lib/html.php, lib/html_tree.php, lib/rrd.php, rra.php, tree.php, and user_admin.php [1][2]. The persistent XSS is possible because user-supplied names and descriptions are not properly escaped before being stored and later displayed on these pages.

Exploitation

For the XML template vector, an attacker must trick an administrator with template import privileges into importing a maliciously crafted XML file containing a name element with embedded script [3]. For the authenticated vectors, the attacker requires administrative access to Cacti (or a lower-privileged user tricked into changing object names) and can then inject script into fields such as graph names, data source names, or host descriptions [1][2][3]. No special network position is needed beyond HTTP access to the Cacti web interface.

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript or HTML in the context of the Cacti web application. This can lead to session hijacking, data theft, or further compromise of the administrative interface. The attacker gains the privileges of the victim user viewing the malicious content; for the template import vector, the victim is typically an administrator [3]. The CIA impact is primarily confidentiality and integrity, as the attacker can steal sensitive data or perform actions on behalf of the victim.

Mitigation

The issue is fixed in Cacti version 0.8.7g, released on 2010-07-22 [3]. Users should upgrade to this version or later. The fixes were applied in Subversion revisions r6037, r6038, r6041, and r6042, which added HTML escaping to various output locations [2][3]. There is no known workaround; upgrading is required. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.

References
  1. XSS via various object names or descriptions
  2. 'Re: [oss-security] Cacti XSS fixes in 0.8.7g'
  3. '[oss-security] Cacti XSS fixes in 0.8.7g'

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

39
  • Cacti (software)/Cacti38 versions
    cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*+ 37 more
    • cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*range: <=0.8.7f
    • cpe:2.3:a:cacti:cacti:0.5:-:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.6.8a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.2a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.3a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.5a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6b:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6c:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6d:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6f:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6g:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6h:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6i:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6j:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.6k:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7a:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7b:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7c:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7d:*:*:*:*:*:*:*
    • cpe:2.3:a:cacti:cacti:0.8.7e:*:*:*:*:*:*:*
  • Cacti (software)/Cactillm-fuzzy
    Range: <0.8.7g

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.