Intrusion Prevention



This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in Cacti, which was discovered by Fortinet's FortiGuard Labs.
The vulnerability exists due to insufficiently sanitizing user-supplied data in HTTP request sent to graphs.php so that remote attackers can exploit it to launch XSS attack.

Affected Products

Cacti Version 0.8.8c


System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

Recommended Actions

Upgrade to the latest version, available from the website.

CVE References