A number of cross-site scripting issues were found in Cacti. A user with console access could use these flaws to perform cross-site scripting attacks against other Cacti users.
Created cacti tracking bugs for this issue:
Affects: fedora-all [bug 1121467]
Affects: epel-all [bug 1121468]
CVE-2014-5025 was assigned to XSS in data_sources.php
CVE-2014-5026 was assigned to the below issues:
- If you create a Graph Tree with Title: [XSS]
- If you create a CDEF with Name: [XSS]
- If you create a Data Source with Title: [XSS] you'll see a popup with the text "XSS" if you try any action (Delete, Change data template, Change Host, Enable...)
- If you create a Graph with Title: [XSS]
- If you create a Data Input Method with Name: [XSS]
- If you create a Graph Template with Name: [XSS]
- If you create a Host Template with Name: [XSS]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.