CVE-2013-5588

Published: Aug 29, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.

Affected (36)

Products: Cacti: Cacti · Opensuse: Opensuse

1 product

1 product

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Cacti Cacti	Up to 0.8.8b
Cacti Cacti	Version 0.8.1
Cacti Cacti	Version 0.8.2
Cacti Cacti	Version 0.8.2a
Cacti Cacti	Version 0.8.3
Cacti Cacti	Version 0.8.3a
Cacti Cacti	Version 0.8.4
Cacti Cacti	Version 0.8.5
Cacti Cacti	Version 0.8.5a
Cacti Cacti	Version 0.8.6
Cacti Cacti	Version 0.8.6a
Cacti Cacti	Version 0.8.6b
Cacti Cacti	Version 0.8.6c
Cacti Cacti	Version 0.8.6d
Cacti Cacti	Version 0.8.6e
Cacti Cacti	Version 0.8.6f
Cacti Cacti	Version 0.8.6g
Cacti Cacti	Version 0.8.6h
Cacti Cacti	Version 0.8.6i
Cacti Cacti	Version 0.8.6j
Cacti Cacti	Version 0.8.6k
Cacti Cacti	Version 0.8.7
Cacti Cacti	Version 0.8.7a
Cacti Cacti	Version 0.8.7b
Cacti Cacti	Version 0.8.7c
Cacti Cacti	Version 0.8.7d
Cacti Cacti	Version 0.8.7e
Cacti Cacti	Version 0.8.7f
Cacti Cacti	Version 0.8.7g
Cacti Cacti	Version 0.8.7h
Cacti Cacti	Version 0.8.7i
Cacti Cacti	Version 0.8.8
Cacti Cacti	Version 0.8.8a
Cacti Cacti	Version 0.8