CVE-2015-2665 : Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote at

Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published 2015-06-17 18:59:01

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Products affected by CVE-2015-2665

Fedoraproject » Fedora » Version: 24
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 22
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 23
cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
Matching versions
Cacti » Cacti
Versions up to, including, (<=) 0.8.8c
cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-2665

EPSS FAQ

0.43%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2665

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-2665

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2665

http://www.securityfocus.com/bid/75309

Cacti CVE-2015-2665 HTML Injection Vulnerability
http://www.securitytracker.com/id/1032672

Cacti Input Validation Flaw Permits Cross-Site Scripting and SQL Injection Attacks - SecurityTracker

CVEs referencing this url
http://www.debian.org/security/2015/dsa-3295

Debian -- Security Information -- DSA-3295-1 cacti

CVEs referencing this url
http://www.cacti.net/release_notes_0_8_8d.php

Cacti® - The Complete RRDTool-based Graphing Solution
Vendor Advisory

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html

[SECURITY] Fedora 23 Update: cacti-0.8.8g-1.fc23

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html

[SECURITY] Fedora 24 Update: cacti-0.8.8g-1.fc24

CVEs referencing this url
http://www.fortiguard.com/advisory/FG-VD-15-017/

FortiGuard
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html

[SECURITY] Fedora 22 Update: cacti-0.8.8g-1.fc22

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-2665

Products affected by CVE-2015-2665

Exploit prediction scoring system (EPSS) score for CVE-2015-2665

CVSS scores for CVE-2015-2665

CWE ids for CVE-2015-2665

References for CVE-2015-2665