CVE-2014-2326 — cacti - security update

Description

Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

How to fix CVE-2014-2326

To remediate CVE-2014-2326, upgrade the affected package to a fixed version below.

Debian/cacti—upgrade to 0.8.8b+dfsg-4 or later
Debian/cacti—upgrade to 0.8.8a+dfsg-5+deb7u3 or later

Is CVE-2014-2326 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 0.8.8b+dfsg-4
from 0, < 0.8.8a+dfsg-5+deb7u3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2014-2326