Multiple XSS issues were discovered in Cacti and fixed in version 0.8.7f: - host.php via "hostname" and "description" parameters - data_sources.php via "host_id" parameter References: http://www.vupen.com/english/advisories/2010/1203 http://www.cacti.net/release_notes_0_8_7f.php Upstream commit: http://svn.cacti.net/viewvc?view=rev&revision=5901
This issue has been addressed in following products: Red Hat HPC Solution for RHEL 5 Via RHSA-2010:0635 https://rhn.redhat.com/errata/RHSA-2010-0635.html