Package name
cacti
Date
2013-09-10
Advisory ID
MDVSA-2013:228
Affected versions
MES5 i586, MES5 x86_64

Problem description

Multiple vulnerabilities have been discovered and corrected in cacti:

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b
and earlier allow remote attackers to inject arbitrary web script or
HTML via (1) the step parameter to install/index.php or (2) the id
parameter to cacti/host.php (CVE-2013-5588).

SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and
earlier allows remote attackers to execute arbitrary SQL commands
via the id parameter (CVE-2013-5589).

The updated packages have been patched to correct these issues.
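
For sites reviewing exposure from before the update was applied, the following added example (not part of the advisory or of Cacti's code) scans web server access logs for requests to the two scripts named above that carry a non-integer step or id value. It assumes Apache combined log format and that both parameters are plain integers in normal use; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs

# Request line inside an access-log entry, e.g. "GET /path?query HTTP/1.1".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# (path suffix, parameter) pairs taken from the advisory text.
# Assumption of this example: legitimate values are non-negative integers.
WATCHED = (("/install/index.php", "step"), ("/host.php", "id"))

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Sep/2013:10:00:01 +0000] "GET /cacti/host.php?action=edit&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Sep/2013:10:00:05 +0000] "GET /cacti/install/index.php?step=2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Sep/2013:10:02:11 +0000] "GET /cacti/host.php?action=edit&id=12%27x HTTP/1.1" 200 5130 "-" "-"
198.51.100.7 - - [10/Sep/2013:10:02:14 +0000] "GET /cacti/install/index.php?step=%3Cb%3E2 HTTP/1.1" 200 2050 "-" "-"
192.0.2.10 - - [10/Sep/2013:10:03:00 +0000] "GET /cacti/graph_view.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def suspicious_requests(log_text):
    """Return (line_no, parameter, decoded_value) for each non-integer value
    sent to one of the watched scripts. Only query strings are inspected,
    because POST bodies are not recorded in access logs."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        for suffix, param in WATCHED:
            if not path.endswith(suffix):
                continue
            # parse_qs percent-decodes each value before it is checked.
            for value in parse_qs(query).get(param, []):
                if not re.fullmatch(r"[0-9]+", value):
                    hits.append((line_no, param, value))
    return hits


if __name__ == "__main__":
    for line_no, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: non-integer {param}={value!r}")
```

A hit shows that a non-integer value was submitted, not that it was processed by a vulnerable version; compare hit timestamps with the date the updated package was installed.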

Updated packages

MES5 i586

 d34d240b461a2fa9328424d685e8b69b  mes5/i586/cacti-0.8.8b-0.2mdvmes5.2.noarch.rpm 
 e342f8fc9dcba267ebfc314763cf6d36  mes5/SRPMS/cacti-0.8.8b-0.2mdvmes5.2.src.rpm

MES5 x86_64

 0c8a7210690dfaf636fbc4346ecd5cae  mes5/x86_64/cacti-0.8.8b-0.2mdvmes5.2.noarch.rpm 
 e342f8fc9dcba267ebfc314763cf6d36  mes5/SRPMS/cacti-0.8.8b-0.2mdvmes5.2.src.rpm
