CVE-2014-5026 - Vulnerability Details - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cacti	Cacti
Debian	Debian Linux
Opensuse	Opensuse

Configuration 1 [-]

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:cacti:cacti:0.8.8b:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

No data.

References

Link	Providers
http://bugs.cacti.net/view.php?id=2456
http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html
http://seclists.org/oss-sec/2014/q3/244
http://www.debian.org/security/2014/dsa-3007
http://www.openwall.com/lists/oss-security/2014/07/22/9
http://www.securityfocus.com/bid/68759
https://exchange.xforce.ibmcloud.com/vulnerabilities/94816
https://security.gentoo.org/glsa/201509-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-10-20T17:00:00

Updated: 2024-08-06T11:34:37.292Z

Reserved: 2014-07-22T00:00:00

Link: CVE-2014-5026

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-20T17:55:06.197

Modified: 2024-11-21T02:11:18.713

Link: CVE-2014-5026

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-07-11T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "DSA-3007", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-3007"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.cacti.net/view.php?id=2456"}, {"name": "[oss-security] 20140722 Re: CVE request: cacti XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"}, {"name": "68759", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68759"}, {"name": "openSUSE-SU-2015:0479", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"}, {"name": "cacti-cve20145026-xss(94816)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94816"}, {"name": "[oss-security] 20140724 Re: Duplicated CVE - Cacti XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2014/q3/244"}, {"name": "GLSA-201509-03", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201509-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-5026", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "DSA-3007", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3007"}, {"name": "http://bugs.cacti.net/view.php?id=2456", "refsource": "CONFIRM", "url": "http://bugs.cacti.net/view.php?id=2456"}, {"name": "[oss-security] 20140722 Re: CVE request: cacti XSS", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"}, {"name": "68759", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68759"}, {"name": "openSUSE-SU-2015:0479", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"}, {"name": "cacti-cve20145026-xss(94816)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94816"}, {"name": "[oss-security] 20140724 Re: Duplicated CVE - Cacti XSS", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q3/244"}, {"name": "GLSA-201509-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201509-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:34:37.292Z"}, "title": "CVE Program Container", "references": [{"name": "DSA-3007", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-3007"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.cacti.net/view.php?id=2456"}, {"name": "[oss-security] 20140722 Re: CVE request: cacti XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"}, {"name": "68759", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68759"}, {"name": "openSUSE-SU-2015:0479", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"}, {"name": "cacti-cve20145026-xss(94816)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94816"}, {"name": "[oss-security] 20140724 Re: Duplicated CVE - Cacti XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://seclists.org/oss-sec/2014/q3/244"}, {"name": "GLSA-201509-03", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201509-03"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-5026", "datePublished": "2014-10-20T17:00:00", "dateReserved": "2014-07-22T00:00:00", "dateUpdated": "2024-08-06T11:34:37.292Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cacti:cacti:0.8.8b:*:*:*:*:*:*:*", "matchCriteriaId": "25C92A47-E876-481D-83DB-0B547F0C101E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Cacti 0.8.8b permiten a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) un t\u00edtulo de \u00e1rbol de gr\u00e1fico en una acci\u00f3n de eliminaci\u00f3n o (2) de editar; (3) CDEF Name, (4) Data Input Method Name, o (5) Host Templates Name en una acci\u00f3n de eliminaci\u00f3n; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name en una acci\u00f3n de eliminaci\u00f3n o (9) duplicar."}], "id": "CVE-2014-5026", "lastModified": "2024-11-21T02:11:18.713", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-10-20T17:55:06.197", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.cacti.net/view.php?id=2456"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2014/q3/244"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3007"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68759"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94816"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201509-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "http://bugs.cacti.net/view.php?id=2456"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2014/q3/244"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-3007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2014/07/22/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68759"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94816"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201509-03"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}