Intrusion Prevention

Cacti.graphs.PHP.XSS

Description

This indicates an attack attempt to exploit a Cross-Site Scripting vulnerability in Cacti, which was discovered by Fortinet's FortiGuard Labs.
The vulnerability is due to insufficient sanitization of user-supplied data in HTTP requests sent to graphs.php, which allows remote attackers to launch XSS attacks.

Affected Products

Cacti Version 0.8.8c

Impact

System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.

Recommended Actions

Upgrade to the latest version, available from the website.
http://www.cacti.net/release_notes_0_8_8d.php

CVE References

CVE-2015-2665