Cross Site Scripting in parameter 'filter'
Fix provided in cacti-0.8.7b-1.1.src.rpm sent to Nils
This isn't fixed in the current 0.8.7e-3.fc12, which means this isn't fixed in HPC or upstream. Reproduced with the above-mentioned reproducer.
Confirmed with 0.8.7f-1.
Fixed upstream now:
Part of larger commit fixing other XSS issues:
This issue has been addressed in following products:
Red Hat HPC Solution for RHEL 5
Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html