CVE-2014-4002
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-4002
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-4002.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2014-4002
- Downstream
- Related
- Published
- 2014-07-03T14:55:08Z
- Modified
- 2025-08-09T20:01:26Z
- Summary
- [none]
- Details
-
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drpaction parameter to cdef.php, (2) datainput.php, (3) dataqueries.php, (4) datasources.php, (5) datatemplates.php, (6) graphtemplates.php, (7) graphs.php, (8) host.php, or (9) hosttemplates.php or the (10) graphtemplateinputid or (11) graphtemplateid parameter to graphtemplatesinputs.php.
- References
-
- http://secunia.com/advisories/59203
- http://secunia.com/advisories/59517
- http://www.debian.org/security/2014/dsa-2970
- https://security.gentoo.org/glsa/201509-03
- http://svn.cacti.net/viewvc?view=rev&revision=7451
- http://svn.cacti.net/viewvc?view=rev&revision=7452
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
- http://www.securityfocus.com/bid/68257